US10079832B1 - Controlling user creation of data resources on a data processing platform - Google Patents

Controlling user creation of data resources on a data processing platform Download PDF

Info

Publication number
US10079832B1
US10079832B1 US15/826,321 US201715826321A US10079832B1 US 10079832 B1 US10079832 B1 US 10079832B1 US 201715826321 A US201715826321 A US 201715826321A US 10079832 B1 US10079832 B1 US 10079832B1
Authority
US
United States
Prior art keywords
user
data resource
data
software platform
executed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US15/826,321
Inventor
Greg DeArment
Adam Anderson
Andrew Bradshaw
Bradley Moylan
Jason Zhao
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Palantir Technologies Inc
Original Assignee
Palantir Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from EP17197000.7A external-priority patent/EP3467650B1/en
Application filed by Palantir Technologies Inc filed Critical Palantir Technologies Inc
Assigned to Palantir Technologies Inc. reassignment Palantir Technologies Inc. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ZHAO, JASON, ANDERSON, ADAM, BRADSHAW, ANDREW, DEARMENT, GREG, MOYLAN, BRADLEY
Application granted granted Critical
Priority to US16/134,586 priority Critical patent/US10397229B2/en
Publication of US10079832B1 publication Critical patent/US10079832B1/en
Priority to US16/430,900 priority patent/US10735429B2/en
Assigned to ROYAL BANK OF CANADA, AS ADMINISTRATIVE AGENT reassignment ROYAL BANK OF CANADA, AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Palantir Technologies Inc.
Assigned to MORGAN STANLEY SENIOR FUNDING, INC., AS ADMINISTRATIVE AGENT reassignment MORGAN STANLEY SENIOR FUNDING, INC., AS ADMINISTRATIVE AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Palantir Technologies Inc.
Assigned to Palantir Technologies Inc. reassignment Palantir Technologies Inc. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: ROYAL BANK OF CANADA
Assigned to MORGAN STANLEY SENIOR FUNDING, INC. reassignment MORGAN STANLEY SENIOR FUNDING, INC. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Palantir Technologies Inc.
Priority to US16/942,706 priority patent/US20200358774A1/en
Assigned to Palantir Technologies Inc. reassignment Palantir Technologies Inc. CORRECTIVE ASSIGNMENT TO CORRECT THE ERRONEOUSLY LISTED PATENT BY REMOVING APPLICATION NO. 16/832267 FROM THE RELEASE OF SECURITY INTEREST PREVIOUSLY RECORDED ON REEL 052856 FRAME 0382. ASSIGNOR(S) HEREBY CONFIRMS THE RELEASE OF SECURITY INTEREST. Assignors: ROYAL BANK OF CANADA
Assigned to WELLS FARGO BANK, N.A. reassignment WELLS FARGO BANK, N.A. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Palantir Technologies Inc.
Assigned to WELLS FARGO BANK, N.A. reassignment WELLS FARGO BANK, N.A. ASSIGNMENT OF INTELLECTUAL PROPERTY SECURITY AGREEMENTS Assignors: MORGAN STANLEY SENIOR FUNDING, INC.
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G06F9/505Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the load
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Definitions

  • the present disclosure relates to a method and systems for controlling user creation of data resources on a data processing platform, for example a cloud-based data processing platform storing and executing multiple data resources for multiple users.
  • Cloud computing is a computing infrastructure for enabling ubiquitous access to shared pools of servers, storage, computer networks, applications and data resources, which can be rapidly provisioned, often over the Internet.
  • a data resource in this context is any form of executable software or data structure, usually but not exclusively for providing a service, for example a data analysis application, a data transformation application, a report generating application, a machine learning process, a spreadsheet or a database.
  • Some companies provide cloud computing services for registered customers, for example manufacturing and technology companies, to create, store, manage and execute their own data resources. Sometimes, these data resources may interact with other software resources, for example those provided by the cloud platform provider.
  • an engine manufacturer may create and store a database relating to spare parts for the different models of engines it produces and services.
  • the database may, for example, be a multi-dimensional relational database.
  • the engine manufacturer may also create one or more data analysis applications for performing certain tasks on data held in the database, for example to analyse and/or transform the data in order to identify trends which may be useful for predicting when certain parts will fail and/or need replacing, and hence when to produce and deploy the spare parts.
  • Proprietary or open-source software platforms used for such applications can be limited in terms of robustness and security, which can be problematic given that multiple different organisations may be storing and executing their own data resources on the same platform. There is a concern, for example, that data resources belonging to one organisation may impact data resources belonging to another organisation. Within a particular organisation, users who, having passed an initial layer of security provided by the platform, may be able to modify data resources when this was not the intention.
  • a first aspect provides a method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, wherein the method is performed using one or more processors or special-purpose computing hardware, the method comprising: receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user; performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions; and responsive to verifying said user in accordance with the predetermined set of permissions, creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.
  • the method may further comprise, responsive to verifying said user, identifying one or more annotations in the data resource specification, associating an executable launch function appropriate to the or each identified annotation to the created data resource, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
  • the software platform controller may further determine that the user has been verified prior to providing the launch function with said information.
  • the software platform controller may further determine attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
  • the method may further comprise associating an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform.
  • the secret information may be received from a secure vault, external to the launch function and the software platform controller.
  • the secret information received from the software platform controller may comprise a wrapped token, and wherein the launch function queries the secure server using the secret information to obtain the secret information.
  • the secret information may comprise a password and/or a digital certificate.
  • the said information may define whether the user is permitted to create, edit and/or delete the data resource.
  • Performing verification may comprise verifying that said user is permitted to create new data resources in accordance with the predefined set of permissions.
  • The, or a subsequent, user request may comprise an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, the method further comprising verifying that said user is permitted to allow access to the data resource by external users, and responsive to verifying that said user is so permitted, the method further comprises creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
  • the indication that the data resource is required to be accessible to one or more other users may comprise identifying an annotation in the user request associated with said external user access, the method further comprising identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests.
  • the annotation may be provided in a URL path.
  • the method may comprise creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.
  • the data resource may be an executable application.
  • the data resource may be an executable data analysis application.
  • the data resource may be a database.
  • the software platform may be a containerised software platform storing and executing multiple data resources for multiple users on multiple host computers.
  • a second aspect provides a computer program, optionally stored on a non-transitory computer readable medium program which, when executed by one or more processors of a data processing apparatus, causes the data processing apparatus to carry out a method according to any preceding definition.
  • a third aspect provides an apparatus configured to carry out the method according to any preceding method definition, the apparatus comprising one or more processors or special-purpose computing hardware.
  • FIG. 1 is a block diagram illustrating a network system comprising a group of application servers of a data processing platform according to embodiments of this specification;
  • FIG. 2 is a block diagram of a computer system according to embodiments of this specification.
  • FIG. 3 is a schematic diagram of a container of a containerised computer platform according to embodiments of this specification.
  • FIG. 4 is a block diagram of functional components of an application for controlling user creation and subsequent access to one or more data resources according to embodiments of this specification;
  • FIG. 5 is a flow diagram showing processing steps that may be performed by the application represented in FIG. 4 according to embodiments of this specification;
  • FIG. 6 is a flow diagram showing further processing steps that may be performed by the application represented in FIG. 4 according to embodiments of this specification;
  • FIG. 7 is a timing diagram showing for a specific example relative timings of data messages between the components represented in FIG. 4 according to embodiments of this specification;
  • FIG. 8 is a schematic diagram of functional components of an application for controlling the ingress of access requests for one or more data resources of a data processing platform according to embodiments of this specification.
  • FIG. 9 is a flow diagram showing processing steps that may be performed as part of an ingress control function according to embodiments of this specification.
  • this specification describes methods and systems for controlling user creation of data resources on a data processing platform suitable for storing and executing data resources for multiple users or sets of users.
  • the data processing platform may, for example, be associated with a cloud computing service, which may provide ubiquitous access to shared pools of servers, storage, computer networks, applications and data resources, which can be rapidly provisioned, often over the Internet.
  • the methods and systems involve receiving a user request from users, the user request being for creating a data resource on the software platform.
  • the user request may be any appropriate form of data message.
  • a data resource in this context is any form of executable software or data structure, usually but not exclusively for providing a service, for example a data analysis application, a data transformation application, a report generating application, a machine learning process, a spreadsheet or a database.
  • the user request may identify the user, which may be a single user or an identifier of their particular client device.
  • the user identifier may be for a group of users.
  • the user identifier may be provided in any suitable form.
  • the user request may comprise a specification which defines a type of data resource required to be created, and may also define metadata, labels, selectors, comments and annotations.
  • Annotations may be labels, e.g. key-value pairs, that contain non-identifying metadata.
  • Annotations may be added to a specification in order to provide the deployment object with relevant information.
  • an annotation may include a release version, a deployment description, an indication that the data resource needs to run a launch function each time it is run or executed and/or that the data resource needs secret information such as one or more passwords and/or digital certificates each time it is run.
  • a verification may be performed on said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification, in accordance with a set of permissions.
  • the verification may query a predetermined verification policy to determine if the user is permitted to create or access databases.
  • the methods and systems may create a version of the data resource based on the specification for deployment on the software platform for subsequent access.
  • the version may be a mutation of a templated version of the data resource, the mutation being particular to the specification and taking account of, for example, any annotations.
  • the mutation may involve associating or attaching a launch function with the created data resource so that the launch function is required to execute before the created data resource is itself run or made accessible to users.
  • the launch function may obtain secret information from an external vault server. This may be performed every time the data resource is subsequently accessed on the data platform.
  • the methods and systems therefore provide a robust and secure way of verifying that a user is permitted to create or otherwise access data resources, based on a specification in the user request, and, if verified, then creates a version of the data resource based on the specification, taking account any annotations (if present) in the specification.
  • the verification procedure may make use of external verification functions additional to, or alternatively to, the software platforms own basic verification procedure.
  • the verification functions may use an external verification policy which defines roles or privilege levels for different users, specifying which functions each user is able to perform, possibly in relation to different types of data resource.
  • the verification policy may make use of a hierarchical structure, for example by specifying that child nodes from a parent node inherit the parent node's privileges.
  • the software platform may be an enterprise software platform associated with an enterprise platform provider.
  • An enterprise software platform enables use by multiple users, internal and external to the enterprise platform provider.
  • the users may be users of different respective organisations, such as different commercial companies.
  • the data resources stored on the software platform may relate to technical data and/or technical processes.
  • an engine manufacturer may create and store a database relating to spare parts for the different models of engines it produces and services.
  • the database may, for example, be a multi-dimensional relational database.
  • Certain analyses may be performed on the database using another application, for example an executable application resource for analysing and/or transforming the data in order to identify trends which may be useful for predicting when certain parts will fail and/or need replacing.
  • the software platform may comprise enterprise applications for machine-analysis of data resources.
  • an organisation may store on the software platform history data for a machine and use an enterprise application for the processing of history data for the machine in order to determine the probability, or a risk score, of the machine, or a component sub-system of the machine, experiencing a fault during a future interval.
  • the enterprise application may use the fault probabilities or risk scores determined for a machine to select a preventative maintenance task which can reduce the probability and/or severity of the machine experiencing a fault.
  • History data for a machine may include sensor logs, a sensor log being multiple measurements of physical parameters captured by a sensor and relating to different points in time (a time series). History data for a machine may also include computer readable logs such as maintenance logs, fault logs and message logs corresponding to a machine.
  • the maintenance log corresponding to the machine may record information such as dates and locations of prior maintenance tasks, details of replacement parts, free text notes made by an engineer or mechanic performing a maintenance task and so forth.
  • the fault log corresponding to the machine may record information such as dates and locations of faults, the types of faults, the period of time required to rectify each fault and so forth.
  • the message log corresponding to a machine such as a ship or construction machinery, and may record messages generated by controllers, processors or similar devices which are integrated into the component sub-systems of the machine.
  • the messages may include a date and time, an identifier of a component sub-system, and message content such as, for example, warning information of information identifying a fault.
  • the software platform on which the data resources are stored and executed may be a proprietary or open source platform, which offers advantages in terms of time-to-deploy on the platform provider's hardware, as well as offering partitioning of data and rolling upgrades.
  • An example open source platform is Kubernetes, which is particularly suited for automated deployment, scaling and management of applications.
  • Such software platforms may employ containerised data resources.
  • a containerised data resource comprises “containers” which hold one or more applications, and associated data libraries, that are guaranteed to be co-located on the same host machine and which can share resources.
  • a basic scheduling unit may be called a pod.
  • a pod may consist of one or more containers.
  • a disadvantage with such software platforms is that they may offer only a basic level of security. For example, there exists the possibility that an application belonging to a first organisation may impact an application or other data resource, belonging to a second organisation which is stored on the same host computer. For example, an organisation that provides different users with different permission rights for different purposes cannot easily implement this level of granularity using such proprietary or open source software platforms. For example, an organisation wishing to create, execute and run one or more enterprise applications stored on a cloud service platform may provide a first set of users with rights to create, execute and edit one or more applications belong to the organisation, and a second set of users with rights only to execute a sub-set of applications, based on their role within the organisation.
  • SSL Secure Sockets Layer
  • ASSL Agglomerated SSL
  • Embodiments herein disclose methods and systems by which, for example, a provider of the software platform can provide more robust security to its users in a convenient way.
  • FIG. 1 is a network diagram depicting a network system 100 comprising a data processing platform 102 in communication with a network-based permissioning system 104 (hereafter “permissioning system”) configured for registering and evaluating access permissions for data resources to which a group of application servers 106 - 108 share common access, according to an example embodiment.
  • the network system 100 may employ a client-server architecture, though the present subject matter is, of course, not limited to such an architecture, and could equally well find application in an event-driven, distributed, or peer-to-peer architecture system, for example.
  • the various functional components of the network system 100 are discussed in the singular sense, multiple instances of one or more of the various functional components may be employed.
  • the data processing platform 102 includes a group of application servers, specifically, servers 106 - 108 , which host network applications 109 - 111 , respectively.
  • the network applications 109 - 111 hosted by the data processing platform 102 may collectively compose an application suite that provides users of the network system 100 with a set of related, although independent, functionalities that are accessible by a common interface.
  • the network applications 109 - 111 may compose a suite of software application tools that can be used to analyse data to develop various insights about the data, and visualize various metrics associated with the data.
  • the network application 109 may be used to analyse data to develop particular metrics with respect to information included therein, while the network application 110 may be used to render graphical representations of such metrics.
  • FIG. 1 illustrates the data processing platform 102 as including a particular number of servers, the subject matter disclosed herein is not limited to any particular number of servers and in other embodiments, fewer or additional servers and applications may be included.
  • the applications 109 - 111 may be associated with a first organisation.
  • One or more other applications may be associated with a second, different organisation.
  • These other applications may be provided on one or more of the application servers 106 , 107 , 108 which need not be specific to a particular organisation.
  • two or more applications are provided on a common server 106 - 108 (or host), they may be containerised which as mentioned above enables them to share common functions.
  • Each of the servers 106 - 108 may in communication with the network-based permissioning system 104 over a network 112 (e.g. the Internet or an intranet). Each of the servers 106 - 108 are further shown to be in communication with a database server 114 that facilitates access to a resource database 116 over the network 112 , though in other embodiments, the servers 106 - 108 may access the resource database 116 directly, without the need for a separate database server 114 .
  • the resource database 116 may stores other data resources that may be used by any one of the applications 109 - 111 hosted by the data processing platform 102 .
  • one or more of the database server 114 and the network-based permissioning system 104 may be local to the data processing platform 102 ; that is, they may be stored in the same location or even on the same server or host as the network applications 109 , 110 , 111 .
  • the network system 100 also includes a client device 118 in communication with the data processing platform 102 and the network-based permissioning system 104 over the network 106 .
  • the client device 118 communicates and exchanges data with the data processing platform 102
  • the client device 118 may be any of a variety of types of devices that include at least a display, a processor, and communication capabilities that provide access to the network 106 (e.g., a smart phone, a tablet computer, a personal digital assistant (PDA), a personal navigation device (PND), a handheld computer, a desktop computer, a laptop or netbook, or a wearable computing device), and may be operated by a user (e.g., a person) to exchange data with other components of the network system 100 that pertains to various functions and aspects associated with the network system 100 and its users.
  • the data exchanged between the client device 118 and the data processing platform 102 involve user-selected functions available through one or more user interfaces (UIs).
  • UIs user interfaces
  • the UIs may be specifically associated with a web client (e.g., a browser) or an application 109 - 111 executing on the client device 118 that is in communication with the data processing platform 102 .
  • the network-based permissioning system 104 provides user interfaces to a user of the client device 118 (e.g., by communicating a set of computer-readable instructions to the client device 118 that cause the client device 118 to display the user interfaces) that allow the user to register policies associated with data resources stored in the resource database 116 .
  • FIG. 2 a block diagram of an exemplary computer system 137 , which may comprise the data processing platform 102 , one or more of the servers 106 - 108 , the database server 114 and/or the network-based permissioning system 104 , consistent with examples of the present specification is shown.
  • Computer system 137 includes a bus 138 or other communication mechanism for communicating information, and a hardware processor 139 coupled with bus 138 for processing information.
  • Hardware processor 139 can be, for example, a general purpose microprocessor.
  • Hardware processor 139 comprises electrical circuitry.
  • Computer system 137 includes a main memory 140 , such as a random access memory (RAM) or other dynamic storage device, which is coupled to the bus 138 for storing information and instructions to be executed by processor 139 .
  • the main memory 140 can also be used for storing temporary variables or other intermediate information during execution of instructions by the processor 139 .
  • Such instructions when stored in non-transitory storage media accessible to the processor 139 , render the computer system 137 into a special-purpose machine that is customized to perform the operations specified in the instructions.
  • Computer system 137 further includes a read only memory (ROM) 141 or other static storage device coupled to the bus 138 for storing static information and instructions for the processor 139 .
  • ROM read only memory
  • a storage device 142 such as a magnetic disk or optical disk, is provided and coupled to the bus 138 for storing information and instructions.
  • Computer system 137 can be coupled via the bus 138 to a display 143 , such as a cathode ray tube (CRT), liquid crystal display, or touch screen, for displaying information to a user.
  • a display 143 such as a cathode ray tube (CRT), liquid crystal display, or touch screen
  • An input device 144 is coupled to the bus 138 for communicating information and command selections to the processor 139 .
  • cursor control 145 is Another type of user input device, for example using a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to the processor 139 and for controlling cursor movement on the display 143 .
  • the input device typically has two degrees of freedom in two axes, a first axis (for example, x) and a second axis (for example, y), that allows the device to specify positions in a plane.
  • Computer system 137 can implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 137 to be a special-purpose machine. According to some embodiments, the operations, functionalities, and techniques disclosed herein are performed by computer system 137 in response to the processor 139 executing one or more sequences of one or more instructions contained in the main memory 140 . Such instructions can be read into the main memory 40 from another storage medium, such as storage device 142 . Execution of the sequences of instructions contained in main memory 140 causes the processor 139 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry can be used in place of or in combination with software instructions.
  • Non-volatile media includes, for example, optical or magnetic disks, such as storage device 142 .
  • Volatile media includes dynamic memory, such as main memory 140 .
  • Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge.
  • Storage media is distinct from, but can be used in conjunction with, transmission media.
  • Transmission media participates in transferring information between storage media.
  • transmission media includes coaxial cables, copper wire and fibre optics, including the wires that comprise bus 138 .
  • transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
  • the instructions can initially be carried on a magnetic disk or solid state drive of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line or other transmission medium using a modem.
  • a modem local to computer system 137 can receive the data on the telephone line or other transmission medium and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 138 .
  • Bus 138 carries the data to the main memory 140 , from which the processor 139 retrieves and executes the instructions.
  • the instructions received by the main memory 140 can optionally be stored on the storage device 142 either before or after execution by the processor 139 .
  • Computer system 137 also includes a communication interface 146 coupled to the bus 138 .
  • the communication interface 146 provides a two-way data communication coupling to a network link 147 that is connected to a local network 148 .
  • the communication interface 146 can be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line.
  • ISDN integrated services digital network
  • the communication interface 146 can be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links can also be implemented.
  • the communication interface 146 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • the network link 147 typically provides data communication through one or more networks to other data devices.
  • the network link 147 can provide a connection through the local network 148 to a host computer 149 or to data equipment operated by an Internet Service Provider (ISP) 150 .
  • the ISP 150 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 151 .
  • the local network 148 and internet 151 both use electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on the network link 147 and through the communication interface 146 which carry the digital data to and from the computer system 137 , are example forms of transmission media.
  • the computer system 137 can send messages and receive data, including program code, through the network(s), network link 147 and communication interface 146 .
  • a first application server 106 may transmit data through the local network 148 to a different application server 107 , 108 .
  • the data processing platform 102 may be a containerised data processing platform.
  • a containerised data platform comprises “containers” which hold one or more applications, and associated data libraries, that are guaranteed to be co-located on the same host machine and which can share resources.
  • Such software platforms may also provide a set of primitives which collectively provide mechanisms for deploying, maintaining and scaling applications.
  • a basic scheduling unit may be called a pod.
  • a pod may consist of one or more containers.
  • FIG. 3 is a schematic view of a container 160 of a containerised data processing platform.
  • the container 160 in this case comprises first to fourth applications 162 , 163 , 164 , 165 , each having an associated library of functions, and a kernel 168 .
  • One or more of the first to fourth applications 162 - 165 may form part of a pod.
  • the first to third applications 162 - 164 may comprise a first pod and the fourth application 165 may comprise a second pod.
  • the first pod may comprise a first external organisation's applications, whereas the second pod may comprise a second external organisation's applications. Either way, the first and second pods run in the same kernel, in this example.
  • one of the application servers 106 in the data processing platform 102 shown in FIG. 1 comprises an access control application 109 configured to manage user access to other applications 110 , 111 on one or more of the other application servers 107 , 108 in accordance with the following.
  • the access control application 109 controls or manages creation of data resources in a more secure, robust and secure way.
  • the access control application 109 can be configured to manage user access to data resources stored on the same application server 106 and to other forms of data resource, for example stored in the resource database 116 on the database server 114 .
  • FIG. 4 is a schematic block diagram of functional components of the access control application 109 and its associated data structures. In other embodiments, the functional components may be arranged as a plurality of separate, interacting applications and data structures.
  • the access control application 109 comprises an application program interface (API) 200 , a permissioning module 202 , an admissions controller 208 , and a launch controller 214 .
  • API application program interface
  • the authentication and authorisation modules 206 , 207 may be provided by separate modules, external to the access control application 109 .
  • the API 200 is arranged to receive user requests 220 from external users, e.g. from the client device 118 shown in FIG. 1 , for accessing a data resource, which can include one or more of creating a new application on one or more of the servers 106 - 109 , accessing an existing one of the applications 110 , 111 , and deleting an existing one of the applications.
  • a data resource can include one or more of creating a new application on one or more of the servers 106 - 109 , accessing an existing one of the applications 110 , 111 , and deleting an existing one of the applications.
  • the user request 220 may typically comprise in data form a user identifier associated with the requesting user, and an indication of the resource, e.g. the application they wish to access, by means of a specification.
  • the specification defines a type of data resource required to be created, and may also define metadata, labels, selectors, comments and annotations.
  • Annotations may be labels, e.g. key-value pairs, that contain non-identifying metadata.
  • Annotations may be added to a specification in order to provide the deployment object with relevant information.
  • an annotation may include a release version, a deployment description, an indication that the data resource needs to run a launch function each time it is run or executed and/or that the data resource needs secret information such as one or more passwords and/or digital certificates each time it is run.
  • the user request 220 may also indicate in data form the type of access required, e.g. create application.
  • the user request 220 may also indicate in data form the role of said user that issued the user request, although the role may be mapped by the permissioning system 202 based on the user identifier.
  • the API 200 upon receipt of the user request 220 , initially requests verification of the user request by means of the permissioning system 202 .
  • a first stage may comprise an authentication stage and a second stage may comprise an authorization stage.
  • the two stages may be implemented in separate messages between the API 200 and the permissioning system, or in a combined message.
  • the permissioning system 202 which may be the network-based permissioning system 104 shown in FIG. 1 , is responsive to receiving the verification request from the API 200 to authenticate the user identified in the user request.
  • the verification request from the API 200 to the permissioning system 202 may be an “Authn” message. Authentication in this sense may simply mean verifying that the user that issued the user request 220 is who they say they are. This may be by means of a token-based authentication system, whereby the user is pre-registered with the permissioning system 104 through some prior registration method, such that each time a new user request 220 is issued by the user (from a terminal they are logged into) it is accompanied by a signed token which the permissioning system 202 verifies for authenticity.
  • the signed token may be of any suitable type, for example a JSON Web Token (JWT).
  • JWT JSON Web Token
  • verification may be by means of a single sign on (SSO).
  • SSO single sign on
  • the permissioning system 202 may operate in conjunction with the authentication module 204 which authenticates (or denies) the user by checking the authenticity of the SSO, or the signed token, transmitted with the user request 220 .
  • the authentication module 204 If the user is authenticated by the authentication module 204 , a positive authentication message is sent back to the permissioning system 202 which then proceeds to the second stage of verification whereby the user is authorised. If the authentication fails, the authentication module 206 will issue a denial message back to the permissioning system 202 which may then communicate said fact to the user via the API 200 and the process goes no further.
  • the permissioning system 202 communicates an authorisation request to the authorisation module 206 .
  • This may be by means of an “Authz” message sent to the authorisation module 206 , which may be an Authz platform.
  • the authorisation module 206 answers a different set of questions, such as “what is the identified user able to access?”
  • the user may be a senior developer, as organised through the prior registration method, in which case the user may be granted different access rights than other users having different role(s).
  • a software developer may be able to create, edit/modify, and delete data resources such as applications on the data processing platform 102 , data resources on the resource database 116 and so on.
  • another user having a different role e.g. a junior developer
  • a junior developer may only be able to create and edit/modify data resources, and not delete data resources.
  • the authorisation module 206 may store for the or each organisation registered with the access control application 109 a table or database representing the different organisations, their registered users, and the various roles and associated permissions connected with the roles. These may be defined by each organisation via a prior registration procedure and updated as and when new users join, other users leave, and roles change.
  • certain types of user role may be limited to certain types of data resource.
  • certain roles may be authorised in relation to databases only, applications only, or data resources of a particular category, e.g. related to Project X. Users may also be authorised based on certain annotations, metadata or labels forming part of the data resource specification.
  • users may derive authorisations based on a hierarchical structure.
  • a first node may represent a senior developer that has certain permissions, and all child nodes from the first node may represent other developers in the senior developer's team, or under their control, that may automatically receive the same permissions or a subset thereof.
  • the authorisation module 206 may store for the or each organisation a policy object that specifies the operations that each user is authorised to perform with respect to data resources, or a subset of data resources. Further, the policy object may specify one or more further conditions.
  • the authorisation module 206 Having determined the operations that the requesting user is authorised to perform, the authorisation module 206 returns an authorisation reply, indicating said operations and, if appropriate, further conditions to the permissioning system 202 .
  • the permissioning system 202 subsequently sends the authorisation reply to the API 200 .
  • the API 200 subsequently generates and sends to the admissions controller module 208 a data message indicating, for the requesting user: the indication of the data resource they wish to access and the type of access they require (both sets of data being provided in the user request 220 ) and the authorisation reply or data derived therefrom.
  • the admissions controller module 208 is arranged to determine if the requesting user is permitted to perform the type of access they require on the indicated data resource based on the authorisation reply.
  • the user request 220 comprised a request to create a new database
  • the user may be authenticated by the authenticate module 204 but, when the “Authz” message is subsequently sent to the authorisation module 206 , it may be that the user is only authorised to edit/modify existing databases.
  • the admissions controller module 208 will receive from the API 200 data indicating that the user wishes to create a new database, but that they are only authorised to edit/modify. In this case, the admission controller module 208 may prevent the user from proceeding with the user request 220 .
  • a review response is sent from the admissions controller 208 , back to the API 200 for it to proceed with the user request 220 .
  • version of the data resource is created based on modifying, or mutating, a template of the data resource using the specification in the user request 220 .
  • the API 200 is responsive to the verification instruction from the admissions controller 208 to generate the new database application based on the annotations, labels, metadata and/or any other configuration information in the specification.
  • the API 200 generates a ‘pod’ 210 comprised of one or more containerised applications, for which refer to FIG. 3 .
  • a new data resource i.e. the pod 210
  • the pod 210 has been created only after the user was authenticated and verified for permissions and then the pod itself is created based on the specification initially presented.
  • the access control application 109 can control what is created, by who (provided they have prior permission), and that it meets the specification.
  • the new data resource can be deployed to the software platform at this point, in a trusted way in the knowledge that the data resource conforms to, for example, security requirements of the software platform in terms of verification and the structure of the mutated data resource.
  • the generated pod 210 may have a specification that requires other functions to be performed on the pod when accessed, e.g. when users wish to edit/modify, or execute the pod.
  • This additional functionality may be provided by other data resources, for example a data resource associated with the platform or with another organisation.
  • the other data resource may be external to the platform.
  • the specification may, for example, specify that other data is needed
  • the specification may require that secret information be verified prior to enabling user access to the pod, e.g. to require external users to authenticate themselves before they can then execute, edit and/or access the pod.
  • the secret information may be one or more of a password or digital certificate for protecting data in transit.
  • the secret information may be stored in the vault module 216 , which is a secure storage module.
  • the vault module 216 may be external to the access control application 109 in some embodiments, as is indicated in FIG. 4 . Thus, it may be appropriate to request and/or receive the secret information over a secure, encrypted link, such as by using SSL or ASSL.
  • the API 200 also generates in association with the generated pod 210 a so-called launch function, here referred to as “launchpod” 212 .
  • the launchpod 212 is an executable file, tied or otherwise attached to the pod 210 , which is required to be executed to initialise the pod 210 , and also executed each time the pod 210 is subsequently executed by the data processing platform 102 so that the additional functionality can be provided in accordance with the specification and also to meet the policies and requirements of the software platform itself.
  • the launchpod 212 automatically sends a launchpod request to the launch controller module 214 .
  • the launchpod request indicates the identity of the pod 210 with which it is associated.
  • the launch controller module 214 verifies the launchpod 212 .
  • the fact that the launchpod 212 could only have been created if the user was verified for the provided specification is an implicit form of verification in this case.
  • the launch controller module 214 then sends a request to the API 200 which returns, based on the launch pod identity, its specification so that the launch controller module can identify the additional functionality required.
  • the launch controller module 214 can then provide the pod 210 with the additional functionality in a secure manner appropriate to the software platform, which may comprise access information.
  • the access information may be a password and/or digital certificate, or data usable to obtain a password and/or digital certificate.
  • a secure link such as by using SSL or ASSL may be appropriate for this function, and therefore a possible requirement of the software platform.
  • the launch controller module 214 may recognise in accordance with an internal platform policy that, for a specification using an annotation requiring secret information, it is necessary to send a request to the vault module 216 using SSL or ASSL for secret data to be generated for use by the pod 210 subsequently.
  • the vault module 216 may issue a wrapped token, which may be a one-time use token, which is sent to the launch controller module 214 using SSL or ASSL.
  • the launch controller module 214 may then pass the received wrapped token and secret descriptors to the launchpod 212 .
  • the launchpod 212 may then obtain the secret information by directly sending the wrapped token and secret descriptors to the vault module 216 over SSL or ASSL.
  • the vault module 216 may subsequently pass the secret information to the launchpod 212 directly based on the wrapped token and secret descriptors. Again, this is performed over SSL or ASSL.
  • the launch controller module 214 acts as a trusted intermediary between a launchpod 212 for obtaining the verified data resource specification for the user, and implementing additional functionality in accordance with the data platform's policies. For example, by recognising that secret information is required to access the data resource, the launch controller module 214 can implement this each time the data resource is accessed (causing the launchpod 212 to be executed) by using a secure link to communicate with the vault module 216 .
  • the above methods and systems provide a form of ‘bootstrapping’ to impose controls on how data resources are newly created and subsequently accessed, and thus avoids data resources detrimentally impacting other data resources which may be due to inexperience or malicious intent.
  • FIG. 5 is a generalised flow diagram of processing operations that may be performed by the FIG. 2 processor 139 in running the access control application 109 .
  • a first operation 5 . 1 comprises receiving a user request including a user identifier and a specification of a data resource.
  • a second operation 5 . 2 comprises verifying the user based on their user identifier and the requested data resource.
  • a third operation 5 . 3 comprises, responsive to verification, creating a version of the requested data resource in accordance with the specification.
  • FIG. 6 is a generalised flow diagram of further processing operations that may be performed by the FIG. 2 processor 139 in running the access control application 109 .
  • a first operation 6 . 1 which may directly follow operation 5 . 3 , comprises identifying one or more annotations in the specification of the requested data resource.
  • a second operation 6 . 2 may comprise associating a launch function to the created version of the data resource.
  • a third operation 6 . 3 may comprise executing the launch function to transmit a data resource identifier to a controller module.
  • a fourth operation 6 . 4 may comprise receiving from the controller module access information necessary for performing one or more tasks on the created data resource.
  • FIG. 7 is a data timing diagram which indicates, for a more specific example, the relative timings of data messages between the modules shown in FIG. 4 .
  • a user wishes to create a new data resource, or “pod”, which requires secret information each time it is accessed via the software platform subsequently.
  • a first operation 7 . 1 comprises the API 200 receiving a user request.
  • a second operation 7 . 2 comprises the API 200 sending an Authn request, e.g. a token review request, to the permissioning system 202 .
  • an Authn request e.g. a token review request
  • a third operation 7 . 3 comprises the permissioning system 202 sending a verify token message to the authentication module 204 .
  • a fourth operation 7 . 4 comprises the permissioning system 202 receiving a verify (or deny) response from the authentication module 204 .
  • a fifth operation 7 . 5 comprises the API 200 sending an Authz request, e.g. a subject review request, to the permissioning system 202 .
  • a sixth operation 7 . 6 comprises the permissioning system 202 sending an authorise user message to the authorisation module 206 .
  • a seventh operation 7 . 7 comprises the permissioning system 202 receiving an authorise response from the authorisation module 206 , indicating the permissions that the user has.
  • An eighth operation 7 . 8 comprises comprises the permissioning system 202 providing a result to the API 200 indicative that the user is authenticated and the permissions they have.
  • a ninth operation 7 . 9 comprises the API 200 providing the users permissions and at least part of the user resource specification to the admissions controller 208 .
  • a tenth operation 7 . 10 comprises the admissions controller 208 determining if the user is permitted to perform the function(s) indicated in the user resource specification based on their permissions, e.g. to create a new database in container X. This determination is provided to the API 200 .
  • the API 200 creates a pod 210 for the requested data resource based on a template and information in the specification for the user. If the specification indicates that one or more further functions are required, the API 200 also creates a launchpod 212 which is associated with the created pod 210 .
  • the launchpod 212 sends a POST request to the launch controller 214 , including the name of the pod 210 .
  • the launch controller 214 sends a GET request to the API 200 for the specification associated with the pod 210 .
  • the GET request may also request the verification result.
  • the API 200 sends the pod specification (and verification result, if needed) to the launch controller 214 .
  • the launch controller 214 upon recognising that the launchpod requests secrets (such as one or more passwords or digital certificates) sends a POST request to the secure vault 216 for it to create secrets for the pod 210 .
  • secrets such as one or more passwords or digital certificates
  • the launch controller 214 receives access information in the form of a wrapped token from the secure vault 216 , together with secret descriptors.
  • the launch controller 214 sends the wrapped token and secret descriptors to the launchpod 212 .
  • the launchpod 212 directly requests secrets from the secure vault 216 using the wrapped token and secret descriptors.
  • the launched 212 receives the requested secrets (provided the wrapped token and secret descriptors are valid) from the secure vault 216 .
  • steps of verification and execution of the launch function may also be performed for subsequent accessing steps, for example for a different user to execute, edit/modify or delete the created data resource, provided they have the appropriate permissions.
  • one or more further modules of the access control application 109 may be arranged to route external requests to the data resource in a secure way.
  • the access control application 109 is arranged to create one or more replicas (copies) of the data resource, and, upon receiving a subsequent external request using the path, routes the request to the replica, or one of the replicas, instead of the original version. This avoids corruption of the original version by external traffic, which may originate from a malicious source.
  • this routing may also be performed via one or more load balancers, to ensure that multiple requests are distributed appropriately to the replicas in accordance with a load balancing algorithm.
  • the access control application 109 may provide a so-called ingress controller for this purpose.
  • FIG. 8 is a schematic diagram, showing functional operations and interactions of the access control application 109 for performing ingress control according to an example embodiment.
  • An API 250 which may the API 200 shown in FIG. 4 , creates a service resource called in this case “Annotations” 252 .
  • a replica set 254 of the data resource may be created by the API 250 , in this case comprising first to third replicas 254 a , 254 b , 254 c.
  • FIG. 9 is a generalised flow diagram of processing operations that may be performed by the FIG. 8 API 250 in co-operation with the ingress controller 256 of the access control application 109 .
  • a first operation 9 . 1 may comprise identifying a data resource requiring access by external users.
  • a second operation 9 . 2 may comprise creating one or more replicas of the data resource.
  • a third operation 9 . 3 may comprise routing access requests by external users to the one or more replicas.

Abstract

Methods and systems are disclosed for controlling user creation of data resources on a software platform for storing and executing data resources for multiple users. The methods and systems may be performed using one or more processors or special-purpose computing hardware, and may comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user. A further operation may comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions. A further operation may comprise, responsive to verifying said user in accordance with the predetermined set of permissions, creating a version the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.

Description

FIELD OF THE DISCLOSURE
The present disclosure relates to a method and systems for controlling user creation of data resources on a data processing platform, for example a cloud-based data processing platform storing and executing multiple data resources for multiple users.
BACKGROUND
Cloud computing is a computing infrastructure for enabling ubiquitous access to shared pools of servers, storage, computer networks, applications and data resources, which can be rapidly provisioned, often over the Internet.
A data resource in this context is any form of executable software or data structure, usually but not exclusively for providing a service, for example a data analysis application, a data transformation application, a report generating application, a machine learning process, a spreadsheet or a database.
Some companies provide cloud computing services for registered customers, for example manufacturing and technology companies, to create, store, manage and execute their own data resources. Sometimes, these data resources may interact with other software resources, for example those provided by the cloud platform provider.
For example, an engine manufacturer may create and store a database relating to spare parts for the different models of engines it produces and services. The database may, for example, be a multi-dimensional relational database. The engine manufacturer may also create one or more data analysis applications for performing certain tasks on data held in the database, for example to analyse and/or transform the data in order to identify trends which may be useful for predicting when certain parts will fail and/or need replacing, and hence when to produce and deploy the spare parts.
Proprietary or open-source software platforms used for such applications can be limited in terms of robustness and security, which can be problematic given that multiple different organisations may be storing and executing their own data resources on the same platform. There is a concern, for example, that data resources belonging to one organisation may impact data resources belonging to another organisation. Within a particular organisation, users who, having passed an initial layer of security provided by the platform, may be able to modify data resources when this was not the intention.
SUMMARY
A first aspect provides a method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, wherein the method is performed using one or more processors or special-purpose computing hardware, the method comprising: receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user; performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions; and responsive to verifying said user in accordance with the predetermined set of permissions, creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.
The method may further comprise, responsive to verifying said user, identifying one or more annotations in the data resource specification, associating an executable launch function appropriate to the or each identified annotation to the created data resource, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
The software platform controller may further determine that the user has been verified prior to providing the launch function with said information. The software platform controller may further determine attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
In response to identifying an annotation associated with a security feature, the method may further comprise associating an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform.
The secret information may be received from a secure vault, external to the launch function and the software platform controller.
The secret information received from the software platform controller may comprise a wrapped token, and wherein the launch function queries the secure server using the secret information to obtain the secret information.
The secret information may comprise a password and/or a digital certificate.
The said information may define whether the user is permitted to create, edit and/or delete the data resource.
Performing verification may comprise verifying that said user is permitted to create new data resources in accordance with the predefined set of permissions.
The, or a subsequent, user request may comprise an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, the method further comprising verifying that said user is permitted to allow access to the data resource by external users, and responsive to verifying that said user is so permitted, the method further comprises creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
The indication that the data resource is required to be accessible to one or more other users may comprise identifying an annotation in the user request associated with said external user access, the method further comprising identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests.
The annotation may be provided in a URL path.
The method may comprise creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.
The data resource may be an executable application.
The data resource may be an executable data analysis application.
The data resource may be a database.
The software platform may be a containerised software platform storing and executing multiple data resources for multiple users on multiple host computers.
A second aspect provides a computer program, optionally stored on a non-transitory computer readable medium program which, when executed by one or more processors of a data processing apparatus, causes the data processing apparatus to carry out a method according to any preceding definition.
A third aspect provides an apparatus configured to carry out the method according to any preceding method definition, the apparatus comprising one or more processors or special-purpose computing hardware.
BRIEF DESCRIPTION OF THE DRAWINGS
Example embodiments will now be described by way of non-limiting example with reference to the accompanying drawings, in which:
FIG. 1 is a block diagram illustrating a network system comprising a group of application servers of a data processing platform according to embodiments of this specification;
FIG. 2 is a block diagram of a computer system according to embodiments of this specification;
FIG. 3 is a schematic diagram of a container of a containerised computer platform according to embodiments of this specification;
FIG. 4 is a block diagram of functional components of an application for controlling user creation and subsequent access to one or more data resources according to embodiments of this specification;
FIG. 5 is a flow diagram showing processing steps that may be performed by the application represented in FIG. 4 according to embodiments of this specification;
FIG. 6 is a flow diagram showing further processing steps that may be performed by the application represented in FIG. 4 according to embodiments of this specification;
FIG. 7 is a timing diagram showing for a specific example relative timings of data messages between the components represented in FIG. 4 according to embodiments of this specification;
FIG. 8 is a schematic diagram of functional components of an application for controlling the ingress of access requests for one or more data resources of a data processing platform according to embodiments of this specification; and
FIG. 9 is a flow diagram showing processing steps that may be performed as part of an ingress control function according to embodiments of this specification.
 DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS
In brief, this specification describes methods and systems for controlling user creation of data resources on a data processing platform suitable for storing and executing data resources for multiple users or sets of users. The data processing platform may, for example, be associated with a cloud computing service, which may provide ubiquitous access to shared pools of servers, storage, computer networks, applications and data resources, which can be rapidly provisioned, often over the Internet.
The methods and systems involve receiving a user request from users, the user request being for creating a data resource on the software platform. The user request may be any appropriate form of data message.
A data resource in this context is any form of executable software or data structure, usually but not exclusively for providing a service, for example a data analysis application, a data transformation application, a report generating application, a machine learning process, a spreadsheet or a database.
The user request may identify the user, which may be a single user or an identifier of their particular client device. The user identifier may be for a group of users. The user identifier may be provided in any suitable form.
The user request may comprise a specification which defines a type of data resource required to be created, and may also define metadata, labels, selectors, comments and annotations. Annotations may be labels, e.g. key-value pairs, that contain non-identifying metadata. Annotations may be added to a specification in order to provide the deployment object with relevant information. For example, an annotation may include a release version, a deployment description, an indication that the data resource needs to run a launch function each time it is run or executed and/or that the data resource needs secret information such as one or more passwords and/or digital certificates each time it is run.
A verification may be performed on said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification, in accordance with a set of permissions. Thus, if the specification relates to, for example, a database, then the verification may query a predetermined verification policy to determine if the user is permitted to create or access databases.
If verification is performed, the methods and systems may create a version of the data resource based on the specification for deployment on the software platform for subsequent access. The version may be a mutation of a templated version of the data resource, the mutation being particular to the specification and taking account of, for example, any annotations. For example, the mutation may involve associating or attaching a launch function with the created data resource so that the launch function is required to execute before the created data resource is itself run or made accessible to users. In one example, the launch function may obtain secret information from an external vault server. This may be performed every time the data resource is subsequently accessed on the data platform.
The methods and systems therefore provide a robust and secure way of verifying that a user is permitted to create or otherwise access data resources, based on a specification in the user request, and, if verified, then creates a version of the data resource based on the specification, taking account any annotations (if present) in the specification. The verification procedure may make use of external verification functions additional to, or alternatively to, the software platforms own basic verification procedure.
For example, the verification functions may use an external verification policy which defines roles or privilege levels for different users, specifying which functions each user is able to perform, possibly in relation to different types of data resource. In some embodiments, the verification policy may make use of a hierarchical structure, for example by specifying that child nodes from a parent node inherit the parent node's privileges.
The software platform may be an enterprise software platform associated with an enterprise platform provider. An enterprise software platform enables use by multiple users, internal and external to the enterprise platform provider. The users may be users of different respective organisations, such as different commercial companies.
The data resources stored on the software platform may relate to technical data and/or technical processes. For example, an engine manufacturer may create and store a database relating to spare parts for the different models of engines it produces and services. The database may, for example, be a multi-dimensional relational database. Certain analyses may be performed on the database using another application, for example an executable application resource for analysing and/or transforming the data in order to identify trends which may be useful for predicting when certain parts will fail and/or need replacing.
For this purpose, the software platform may comprise enterprise applications for machine-analysis of data resources. For example, an organisation may store on the software platform history data for a machine and use an enterprise application for the processing of history data for the machine in order to determine the probability, or a risk score, of the machine, or a component sub-system of the machine, experiencing a fault during a future interval. The enterprise application may use the fault probabilities or risk scores determined for a machine to select a preventative maintenance task which can reduce the probability and/or severity of the machine experiencing a fault.
History data for a machine may include sensor logs, a sensor log being multiple measurements of physical parameters captured by a sensor and relating to different points in time (a time series). History data for a machine may also include computer readable logs such as maintenance logs, fault logs and message logs corresponding to a machine. The maintenance log corresponding to the machine may record information such as dates and locations of prior maintenance tasks, details of replacement parts, free text notes made by an engineer or mechanic performing a maintenance task and so forth. The fault log corresponding to the machine may record information such as dates and locations of faults, the types of faults, the period of time required to rectify each fault and so forth. The message log corresponding to a machine, such as a ship or construction machinery, and may record messages generated by controllers, processors or similar devices which are integrated into the component sub-systems of the machine. The messages may include a date and time, an identifier of a component sub-system, and message content such as, for example, warning information of information identifying a fault.
The above application is mentioned by way of example.
The software platform on which the data resources are stored and executed may be a proprietary or open source platform, which offers advantages in terms of time-to-deploy on the platform provider's hardware, as well as offering partitioning of data and rolling upgrades. An example open source platform is Kubernetes, which is particularly suited for automated deployment, scaling and management of applications. Such software platforms may employ containerised data resources.
In this regard, a containerised data resource comprises “containers” which hold one or more applications, and associated data libraries, that are guaranteed to be co-located on the same host machine and which can share resources.
Such software platforms may also provide a set of primitives which collectively provide mechanisms for deploying, maintaining and scaling applications. A basic scheduling unit may be called a pod. A pod may consist of one or more containers.
A disadvantage with such software platforms is that they may offer only a basic level of security. For example, there exists the possibility that an application belonging to a first organisation may impact an application or other data resource, belonging to a second organisation which is stored on the same host computer. For example, an organisation that provides different users with different permission rights for different purposes cannot easily implement this level of granularity using such proprietary or open source software platforms. For example, an organisation wishing to create, execute and run one or more enterprise applications stored on a cloud service platform may provide a first set of users with rights to create, execute and edit one or more applications belong to the organisation, and a second set of users with rights only to execute a sub-set of applications, based on their role within the organisation.
Further disadvantages may exist in terms of security-in-transit, that is when secure, secret data such as passwords and certificates need to be securely passed between data resources, particularly those on different hosts, using a secure protocol such as the Secure Sockets Layer (SSL) or Agglomerated SSL (ASSL.)
In general, it may be difficult for different organisations wishing to use such software platforms to be provided with the levels of verification and security they require. Embodiments herein disclose methods and systems by which, for example, a provider of the software platform can provide more robust security to its users in a convenient way.
FIG. 1 is a network diagram depicting a network system 100 comprising a data processing platform 102 in communication with a network-based permissioning system 104 (hereafter “permissioning system”) configured for registering and evaluating access permissions for data resources to which a group of application servers 106-108 share common access, according to an example embodiment. Consistent with some embodiments, the network system 100 may employ a client-server architecture, though the present subject matter is, of course, not limited to such an architecture, and could equally well find application in an event-driven, distributed, or peer-to-peer architecture system, for example. Moreover, it shall be appreciated that although the various functional components of the network system 100 are discussed in the singular sense, multiple instances of one or more of the various functional components may be employed.
The data processing platform 102 includes a group of application servers, specifically, servers 106-108, which host network applications 109-111, respectively. The network applications 109-111 hosted by the data processing platform 102 may collectively compose an application suite that provides users of the network system 100 with a set of related, although independent, functionalities that are accessible by a common interface. For example, the network applications 109-111 may compose a suite of software application tools that can be used to analyse data to develop various insights about the data, and visualize various metrics associated with the data. To further this example, the network application 109 may be used to analyse data to develop particular metrics with respect to information included therein, while the network application 110 may be used to render graphical representations of such metrics. It shall be appreciated that although FIG. 1 illustrates the data processing platform 102 as including a particular number of servers, the subject matter disclosed herein is not limited to any particular number of servers and in other embodiments, fewer or additional servers and applications may be included.
The applications 109-111 may be associated with a first organisation. One or more other applications (not shown) may be associated with a second, different organisation. These other applications may be provided on one or more of the application servers 106, 107, 108 which need not be specific to a particular organisation. Where two or more applications are provided on a common server 106-108 (or host), they may be containerised which as mentioned above enables them to share common functions.
Each of the servers 106-108 may in communication with the network-based permissioning system 104 over a network 112 (e.g. the Internet or an intranet). Each of the servers 106-108 are further shown to be in communication with a database server 114 that facilitates access to a resource database 116 over the network 112, though in other embodiments, the servers 106-108 may access the resource database 116 directly, without the need for a separate database server 114. The resource database 116 may stores other data resources that may be used by any one of the applications 109-111 hosted by the data processing platform 102.
In other embodiments, one or more of the database server 114 and the network-based permissioning system 104 may be local to the data processing platform 102; that is, they may be stored in the same location or even on the same server or host as the network applications 109, 110, 111.
As shown, the network system 100 also includes a client device 118 in communication with the data processing platform 102 and the network-based permissioning system 104 over the network 106. The client device 118 communicates and exchanges data with the data processing platform 102
The client device 118 may be any of a variety of types of devices that include at least a display, a processor, and communication capabilities that provide access to the network 106 (e.g., a smart phone, a tablet computer, a personal digital assistant (PDA), a personal navigation device (PND), a handheld computer, a desktop computer, a laptop or netbook, or a wearable computing device), and may be operated by a user (e.g., a person) to exchange data with other components of the network system 100 that pertains to various functions and aspects associated with the network system 100 and its users. The data exchanged between the client device 118 and the data processing platform 102 involve user-selected functions available through one or more user interfaces (UIs). The UIs may be specifically associated with a web client (e.g., a browser) or an application 109-111 executing on the client device 118 that is in communication with the data processing platform 102. For example, the network-based permissioning system 104 provides user interfaces to a user of the client device 118 (e.g., by communicating a set of computer-readable instructions to the client device 118 that cause the client device 118 to display the user interfaces) that allow the user to register policies associated with data resources stored in the resource database 116.
Referring to FIG. 2, a block diagram of an exemplary computer system 137, which may comprise the data processing platform 102, one or more of the servers 106-108, the database server 114 and/or the network-based permissioning system 104, consistent with examples of the present specification is shown.
Computer system 137 includes a bus 138 or other communication mechanism for communicating information, and a hardware processor 139 coupled with bus 138 for processing information. Hardware processor 139 can be, for example, a general purpose microprocessor. Hardware processor 139 comprises electrical circuitry.
Computer system 137 includes a main memory 140, such as a random access memory (RAM) or other dynamic storage device, which is coupled to the bus 138 for storing information and instructions to be executed by processor 139. The main memory 140 can also be used for storing temporary variables or other intermediate information during execution of instructions by the processor 139. Such instructions, when stored in non-transitory storage media accessible to the processor 139, render the computer system 137 into a special-purpose machine that is customized to perform the operations specified in the instructions.
Computer system 137 further includes a read only memory (ROM) 141 or other static storage device coupled to the bus 138 for storing static information and instructions for the processor 139. A storage device 142, such as a magnetic disk or optical disk, is provided and coupled to the bus 138 for storing information and instructions.
Computer system 137 can be coupled via the bus 138 to a display 143, such as a cathode ray tube (CRT), liquid crystal display, or touch screen, for displaying information to a user. An input device 144, including alphanumeric and other keys, is coupled to the bus 138 for communicating information and command selections to the processor 139. Another type of user input device is cursor control 145, for example using a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to the processor 139 and for controlling cursor movement on the display 143. The input device typically has two degrees of freedom in two axes, a first axis (for example, x) and a second axis (for example, y), that allows the device to specify positions in a plane.
Computer system 137 can implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 137 to be a special-purpose machine. According to some embodiments, the operations, functionalities, and techniques disclosed herein are performed by computer system 137 in response to the processor 139 executing one or more sequences of one or more instructions contained in the main memory 140. Such instructions can be read into the main memory 40 from another storage medium, such as storage device 142. Execution of the sequences of instructions contained in main memory 140 causes the processor 139 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry can be used in place of or in combination with software instructions.
The term “storage media” as used herein refers to any non-transitory media that stores data and/or instructions that cause a machine to operate in a specific fashion. Such storage media can comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 142. Volatile media includes dynamic memory, such as main memory 140. Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge.
Storage media is distinct from, but can be used in conjunction with, transmission media. Transmission media participates in transferring information between storage media. For example, transmission media includes coaxial cables, copper wire and fibre optics, including the wires that comprise bus 138. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
Various forms of media can be involved in carrying one or more sequences of one or more instructions to processor 139 for execution. For example, the instructions can initially be carried on a magnetic disk or solid state drive of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line or other transmission medium using a modem. A modem local to computer system 137 can receive the data on the telephone line or other transmission medium and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 138. Bus 138 carries the data to the main memory 140, from which the processor 139 retrieves and executes the instructions. The instructions received by the main memory 140 can optionally be stored on the storage device 142 either before or after execution by the processor 139.
Computer system 137 also includes a communication interface 146 coupled to the bus 138. The communication interface 146 provides a two-way data communication coupling to a network link 147 that is connected to a local network 148. For example, the communication interface 146 can be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface 146 can be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links can also be implemented. In any such implementation, the communication interface 146 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
The network link 147 typically provides data communication through one or more networks to other data devices. For example, the network link 147 can provide a connection through the local network 148 to a host computer 149 or to data equipment operated by an Internet Service Provider (ISP) 150. The ISP 150 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 151. The local network 148 and internet 151 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on the network link 147 and through the communication interface 146, which carry the digital data to and from the computer system 137, are example forms of transmission media.
The computer system 137 can send messages and receive data, including program code, through the network(s), network link 147 and communication interface 146. For example, a first application server 106 may transmit data through the local network 148 to a different application server 107, 108.
The data processing platform 102 may be a containerised data processing platform.
In this regard, a containerised data platform comprises “containers” which hold one or more applications, and associated data libraries, that are guaranteed to be co-located on the same host machine and which can share resources. Such software platforms may also provide a set of primitives which collectively provide mechanisms for deploying, maintaining and scaling applications. A basic scheduling unit may be called a pod. A pod may consist of one or more containers.
For example, FIG. 3 is a schematic view of a container 160 of a containerised data processing platform. The container 160 in this case comprises first to fourth applications 162, 163, 164, 165, each having an associated library of functions, and a kernel 168. One or more of the first to fourth applications 162-165 may form part of a pod. For example, the first to third applications 162-164 may comprise a first pod and the fourth application 165 may comprise a second pod. For example, the first pod may comprise a first external organisation's applications, whereas the second pod may comprise a second external organisation's applications. Either way, the first and second pods run in the same kernel, in this example.
In accordance with an example embodiment, one of the application servers 106 in the data processing platform 102 shown in FIG. 1 comprises an access control application 109 configured to manage user access to other applications 110, 111 on one or more of the other application servers 107, 108 in accordance with the following. In particular, the access control application 109 controls or manages creation of data resources in a more secure, robust and secure way.
It should be appreciated that the access control application 109 can be configured to manage user access to data resources stored on the same application server 106 and to other forms of data resource, for example stored in the resource database 116 on the database server 114.
FIG. 4 is a schematic block diagram of functional components of the access control application 109 and its associated data structures. In other embodiments, the functional components may be arranged as a plurality of separate, interacting applications and data structures. The access control application 109 comprises an application program interface (API) 200, a permissioning module 202, an admissions controller 208, and a launch controller 214.
The authentication and authorisation modules 206, 207 may be provided by separate modules, external to the access control application 109.
The API 200 is arranged to receive user requests 220 from external users, e.g. from the client device 118 shown in FIG. 1, for accessing a data resource, which can include one or more of creating a new application on one or more of the servers 106-109, accessing an existing one of the applications 110, 111, and deleting an existing one of the applications. In the following, the example of creating a new application will be described in further detail.
The user request 220 may typically comprise in data form a user identifier associated with the requesting user, and an indication of the resource, e.g. the application they wish to access, by means of a specification. The specification defines a type of data resource required to be created, and may also define metadata, labels, selectors, comments and annotations. Annotations may be labels, e.g. key-value pairs, that contain non-identifying metadata. Annotations may be added to a specification in order to provide the deployment object with relevant information. For example, an annotation may include a release version, a deployment description, an indication that the data resource needs to run a launch function each time it is run or executed and/or that the data resource needs secret information such as one or more passwords and/or digital certificates each time it is run.
The user request 220 may also indicate in data form the type of access required, e.g. create application. The user request 220 may also indicate in data form the role of said user that issued the user request, although the role may be mapped by the permissioning system 202 based on the user identifier.
The API 200, upon receipt of the user request 220, initially requests verification of the user request by means of the permissioning system 202.
This may be by means of a two-stage process. A first stage may comprise an authentication stage and a second stage may comprise an authorization stage. The two stages may be implemented in separate messages between the API 200 and the permissioning system, or in a combined message.
The permissioning system 202, which may be the network-based permissioning system 104 shown in FIG. 1, is responsive to receiving the verification request from the API 200 to authenticate the user identified in the user request. The verification request from the API 200 to the permissioning system 202 may be an “Authn” message. Authentication in this sense may simply mean verifying that the user that issued the user request 220 is who they say they are. This may be by means of a token-based authentication system, whereby the user is pre-registered with the permissioning system 104 through some prior registration method, such that each time a new user request 220 is issued by the user (from a terminal they are logged into) it is accompanied by a signed token which the permissioning system 202 verifies for authenticity.
The signed token may be of any suitable type, for example a JSON Web Token (JWT).
In other embodiments, verification may be by means of a single sign on (SSO).
The permissioning system 202 may operate in conjunction with the authentication module 204 which authenticates (or denies) the user by checking the authenticity of the SSO, or the signed token, transmitted with the user request 220.
If the user is authenticated by the authentication module 204, a positive authentication message is sent back to the permissioning system 202 which then proceeds to the second stage of verification whereby the user is authorised. If the authentication fails, the authentication module 206 will issue a denial message back to the permissioning system 202 which may then communicate said fact to the user via the API 200 and the process goes no further.
In the second stage, following a positive authentication, the permissioning system 202 communicates an authorisation request to the authorisation module 206. This may be by means of an “Authz” message sent to the authorisation module 206, which may be an Authz platform. The authorisation module 206 answers a different set of questions, such as “what is the identified user able to access?” For example, the user may be a senior developer, as organised through the prior registration method, in which case the user may be granted different access rights than other users having different role(s). For example, a software developer may be able to create, edit/modify, and delete data resources such as applications on the data processing platform 102, data resources on the resource database 116 and so on. On the other hand, another user having a different role, e.g. a junior developer, may have different permissions stored in the authorisation module 206. For example, a junior developer may only be able to create and edit/modify data resources, and not delete data resources.
Thus, the authorisation module 206 may store for the or each organisation registered with the access control application 109 a table or database representing the different organisations, their registered users, and the various roles and associated permissions connected with the roles. These may be defined by each organisation via a prior registration procedure and updated as and when new users join, other users leave, and roles change.
In some examples, certain types of user role may be limited to certain types of data resource. For example, certain roles may be authorised in relation to databases only, applications only, or data resources of a particular category, e.g. related to Project X. Users may also be authorised based on certain annotations, metadata or labels forming part of the data resource specification.
In some examples, users may derive authorisations based on a hierarchical structure. Thus a first node may represent a senior developer that has certain permissions, and all child nodes from the first node may represent other developers in the senior developer's team, or under their control, that may automatically receive the same permissions or a subset thereof.
In this way, a more granular way of authorising requesting users to perform certain accessing functions can be assigned.
The authorisation module 206 may store for the or each organisation a policy object that specifies the operations that each user is authorised to perform with respect to data resources, or a subset of data resources. Further, the policy object may specify one or more further conditions.
Having determined the operations that the requesting user is authorised to perform, the authorisation module 206 returns an authorisation reply, indicating said operations and, if appropriate, further conditions to the permissioning system 202.
The permissioning system 202 subsequently sends the authorisation reply to the API 200. The API 200 subsequently generates and sends to the admissions controller module 208 a data message indicating, for the requesting user: the indication of the data resource they wish to access and the type of access they require (both sets of data being provided in the user request 220) and the authorisation reply or data derived therefrom.
The admissions controller module 208 is arranged to determine if the requesting user is permitted to perform the type of access they require on the indicated data resource based on the authorisation reply.
For example, if the user request 220 comprised a request to create a new database, the user may be authenticated by the authenticate module 204 but, when the “Authz” message is subsequently sent to the authorisation module 206, it may be that the user is only authorised to edit/modify existing databases. In this case, the admissions controller module 208 will receive from the API 200 data indicating that the user wishes to create a new database, but that they are only authorised to edit/modify. In this case, the admission controller module 208 may prevent the user from proceeding with the user request 220.
If the user request 220 is allowed, then a review response is sent from the admissions controller 208, back to the API 200 for it to proceed with the user request 220.
In the case where the user request is for creating a new data resource, for example, version of the data resource is created based on modifying, or mutating, a template of the data resource using the specification in the user request 220. For example, for a new application such as a database application, the API 200 is responsive to the verification instruction from the admissions controller 208 to generate the new database application based on the annotations, labels, metadata and/or any other configuration information in the specification.
In the shown example, the API 200 generates a ‘pod’ 210 comprised of one or more containerised applications, for which refer to FIG. 3.
Thus, at this point, a new data resource, i.e. the pod 210, has been created only after the user was authenticated and verified for permissions and then the pod itself is created based on the specification initially presented. By passing control of this creation to the API 200 under the control of the admissions controller 208, the access control application 109 can control what is created, by who (provided they have prior permission), and that it meets the specification. The new data resource can be deployed to the software platform at this point, in a trusted way in the knowledge that the data resource conforms to, for example, security requirements of the software platform in terms of verification and the structure of the mutated data resource.
In some examples, the generated pod 210 may have a specification that requires other functions to be performed on the pod when accessed, e.g. when users wish to edit/modify, or execute the pod. This additional functionality may be provided by other data resources, for example a data resource associated with the platform or with another organisation. The other data resource may be external to the platform. The specification may, for example, specify that other data is needed
For example, the specification may require that secret information be verified prior to enabling user access to the pod, e.g. to require external users to authenticate themselves before they can then execute, edit and/or access the pod. The secret information may be one or more of a password or digital certificate for protecting data in transit. The secret information may be stored in the vault module 216, which is a secure storage module. The vault module 216 may be external to the access control application 109 in some embodiments, as is indicated in FIG. 4. Thus, it may be appropriate to request and/or receive the secret information over a secure, encrypted link, such as by using SSL or ASSL.
Where other functions are defined in the specification, the API 200 also generates in association with the generated pod 210 a so-called launch function, here referred to as “launchpod” 212. The launchpod 212 is an executable file, tied or otherwise attached to the pod 210, which is required to be executed to initialise the pod 210, and also executed each time the pod 210 is subsequently executed by the data processing platform 102 so that the additional functionality can be provided in accordance with the specification and also to meet the policies and requirements of the software platform itself.
The launchpod 212 automatically sends a launchpod request to the launch controller module 214. The launchpod request indicates the identity of the pod 210 with which it is associated.
Responsive to this, the launch controller module 214 verifies the launchpod 212. The fact that the launchpod 212 could only have been created if the user was verified for the provided specification is an implicit form of verification in this case. The launch controller module 214 then sends a request to the API 200 which returns, based on the launch pod identity, its specification so that the launch controller module can identify the additional functionality required. The launch controller module 214 can then provide the pod 210 with the additional functionality in a secure manner appropriate to the software platform, which may comprise access information.
For example, if the specification indicates that secret data is required, the access information may be a password and/or digital certificate, or data usable to obtain a password and/or digital certificate.
Additionally, or alternatively, the use of a secure link such as by using SSL or ASSL may be appropriate for this function, and therefore a possible requirement of the software platform.
For example, the launch controller module 214 may recognise in accordance with an internal platform policy that, for a specification using an annotation requiring secret information, it is necessary to send a request to the vault module 216 using SSL or ASSL for secret data to be generated for use by the pod 210 subsequently. The vault module 216 may issue a wrapped token, which may be a one-time use token, which is sent to the launch controller module 214 using SSL or ASSL. The launch controller module 214 may then pass the received wrapped token and secret descriptors to the launchpod 212. The launchpod 212 may then obtain the secret information by directly sending the wrapped token and secret descriptors to the vault module 216 over SSL or ASSL. The vault module 216 may subsequently pass the secret information to the launchpod 212 directly based on the wrapped token and secret descriptors. Again, this is performed over SSL or ASSL.
Thus, the launch controller module 214 acts as a trusted intermediary between a launchpod 212 for obtaining the verified data resource specification for the user, and implementing additional functionality in accordance with the data platform's policies. For example, by recognising that secret information is required to access the data resource, the launch controller module 214 can implement this each time the data resource is accessed (causing the launchpod 212 to be executed) by using a secure link to communicate with the vault module 216.
In overview, the above methods and systems provide a form of ‘bootstrapping’ to impose controls on how data resources are newly created and subsequently accessed, and thus avoids data resources detrimentally impacting other data resources which may be due to inexperience or malicious intent.
FIG. 5 is a generalised flow diagram of processing operations that may be performed by the FIG. 2 processor 139 in running the access control application 109.
A first operation 5.1 comprises receiving a user request including a user identifier and a specification of a data resource. A second operation 5.2 comprises verifying the user based on their user identifier and the requested data resource. A third operation 5.3 comprises, responsive to verification, creating a version of the requested data resource in accordance with the specification.
FIG. 6 is a generalised flow diagram of further processing operations that may be performed by the FIG. 2 processor 139 in running the access control application 109.
A first operation 6.1, which may directly follow operation 5.3, comprises identifying one or more annotations in the specification of the requested data resource. A second operation 6.2 may comprise associating a launch function to the created version of the data resource. A third operation 6.3 may comprise executing the launch function to transmit a data resource identifier to a controller module. A fourth operation 6.4 may comprise receiving from the controller module access information necessary for performing one or more tasks on the created data resource.
It will be appreciated that certain ones of the above operations may be re-ordered, performed in parallel, and/or omitted. Certain other operations may be added.
For completeness, FIG. 7 is a data timing diagram which indicates, for a more specific example, the relative timings of data messages between the modules shown in FIG. 4. We refer to the example introduced previously whereby a user wishes to create a new data resource, or “pod”, which requires secret information each time it is accessed via the software platform subsequently.
A first operation 7.1 comprises the API 200 receiving a user request.
A second operation 7.2 comprises the API 200 sending an Authn request, e.g. a token review request, to the permissioning system 202.
A third operation 7.3 comprises the permissioning system 202 sending a verify token message to the authentication module 204.
A fourth operation 7.4 comprises the permissioning system 202 receiving a verify (or deny) response from the authentication module 204.
A fifth operation 7.5 comprises the API 200 sending an Authz request, e.g. a subject review request, to the permissioning system 202.
A sixth operation 7.6 comprises the permissioning system 202 sending an authorise user message to the authorisation module 206.
A seventh operation 7.7 comprises the permissioning system 202 receiving an authorise response from the authorisation module 206, indicating the permissions that the user has.
An eighth operation 7.8 comprises comprises the permissioning system 202 providing a result to the API 200 indicative that the user is authenticated and the permissions they have.
A ninth operation 7.9 comprises the API 200 providing the users permissions and at least part of the user resource specification to the admissions controller 208.
A tenth operation 7.10 comprises the admissions controller 208 determining if the user is permitted to perform the function(s) indicated in the user resource specification based on their permissions, e.g. to create a new database in container X. This determination is provided to the API 200.
If permitted, in an eleventh operation 7.11, the API 200 creates a pod 210 for the requested data resource based on a template and information in the specification for the user. If the specification indicates that one or more further functions are required, the API 200 also creates a launchpod 212 which is associated with the created pod 210.
In a twelfth operation 7.12, the launchpod 212 sends a POST request to the launch controller 214, including the name of the pod 210.
In a thirteenth operation 7.13, the launch controller 214 sends a GET request to the API 200 for the specification associated with the pod 210. The GET request may also request the verification result.
In a fourteenth operation 7.14, the API 200 sends the pod specification (and verification result, if needed) to the launch controller 214.
In a fifteenth operation 7.15, the launch controller 214, upon recognising that the launchpod requests secrets (such as one or more passwords or digital certificates) sends a POST request to the secure vault 216 for it to create secrets for the pod 210.
In a sixteenth operation 7.16, the launch controller 214 receives access information in the form of a wrapped token from the secure vault 216, together with secret descriptors.
In a seventeenth operation 7.17, the launch controller 214 sends the wrapped token and secret descriptors to the launchpod 212.
In an eighteenth operation 7.18, the launchpod 212 directly requests secrets from the secure vault 216 using the wrapped token and secret descriptors.
In a nineteenth operation 7.19, the launched 212 receives the requested secrets (provided the wrapped token and secret descriptors are valid) from the secure vault 216.
It will be appreciated that certain ones of the above operations may be re-ordered, performed in parallel, and/or omitted. Certain other operations may be added.
The above-described steps of verification and execution of the launch function may also be performed for subsequent accessing steps, for example for a different user to execute, edit/modify or delete the created data resource, provided they have the appropriate permissions.
Ingress Control
In another embodiment, where it is defined in the data resource specification that external user access to the created data resource is needed, for example by means of an Internet connection (which may be over an unpredictable or insecure link), one or more further modules of the access control application 109 may be arranged to route external requests to the data resource in a secure way.
For example, an annotation “path=foo” may be identified in the data resource specification, which may define a path “example.domain.com.ssp/path=foo” enabling IP access to a data resource named “foo”.
In this situation, the access control application 109 is arranged to create one or more replicas (copies) of the data resource, and, upon receiving a subsequent external request using the path, routes the request to the replica, or one of the replicas, instead of the original version. This avoids corruption of the original version by external traffic, which may originate from a malicious source.
Where a plurality of replicas is provided, this routing may also be performed via one or more load balancers, to ensure that multiple requests are distributed appropriately to the replicas in accordance with a load balancing algorithm.
The access control application 109 may provide a so-called ingress controller for this purpose.
FIG. 8 is a schematic diagram, showing functional operations and interactions of the access control application 109 for performing ingress control according to an example embodiment.
An API 250, which may the API 200 shown in FIG. 4, creates a service resource called in this case “Annotations” 252. The annotations service resource 252 may comprise one or more annotations which, in a data resource specification, correspond to an externally accessible service. For example, the annotation “path=foo” may be identified as being externally accessible.
A replica set 254 of the data resource may be created by the API 250, in this case comprising first to third replicas 254 a, 254 b, 254 c.
An ingress controller 256, upon noting that the annotations service resource 252 was created for “path=foo” then creates another service resource 260 called ingress object 260, which has the path “path=foo”.
The ingress controller 256 also monitors incoming traffic, e.g. via the network 112, to identify a URL having the annotation, e.g. “example.domain.com.ssp/path=foo.” Responsive to this, the external request is routed to one of the replica data resources 254 a, 254 b, 254 c. This routing may also be performed via one or more load balancers 204, to ensure that multiple requests are distributed appropriately to the replicas 254 a, 254 b, 254 c in accordance with a load balancing algorithm. The routing may be performed by a reverse proxy 262 a-c, for example an NGINX pod. The reverse proxy 262 a-c is configured by the ingress controller 256 upon recognition of an ingress object 260 to route incoming traffic to the replica resources 252 a-c.
FIG. 9 is a generalised flow diagram of processing operations that may be performed by the FIG. 8 API 250 in co-operation with the ingress controller 256 of the access control application 109.
A first operation 9.1 may comprise identifying a data resource requiring access by external users.
A second operation 9.2 may comprise creating one or more replicas of the data resource.
A third operation 9.3 may comprise routing access requests by external users to the one or more replicas.
Although claims have been formulated in this application to particular combinations of features, it should be understood that the scope of the disclosure of the present invention also includes any novel features or any novel combination of features disclosed herein either explicitly or implicitly or any generalization thereof, whether or not it relates to the same invention as presently claimed in any claim and whether or not it mitigates any or all of the same technical problems as does the present invention. The applicant hereby gives notice that new claims may be formulated to such features and/or combinations of such features during the prosecution of the present application or of any further application derived therefrom.

Claims (18)

What is claimed is:
1. A method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, wherein the method is performed using one or more processors or special-purpose computing hardware, the method comprising:
receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user;
performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions; and
responsive to verifying said user in accordance with the predetermined set of permissions;
creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
identifying one or more annotations in the data resource specification;
in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
2. The method of claim 1, further comprising, responsive to verifying said user:
identifying one or more other annotations in the data resource specification;
associating, to the created data resource, an executable launch function appropriate to each of the identified annotations, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
3. The method of claim 2, wherein the software platform controller further determines that the user has been verified prior to providing the launch function with said information.
4. The method of claim 2, wherein the software platform controller further determines attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
5. The method of claim 2, wherein the said information defines whether the user is permitted to create, edit and/or delete the data resource.
6. The method of claim 1, wherein the secret information is received from a secure vault, external to the launch function and the software platform controller.
7. The method of claim 6, wherein the secret information received from the software platform controller comprises a wrapped token, and wherein the launch function queries the secure server using the secret information to obtain the secret information.
8. The method of claim 6, wherein the secret information comprises a password and/or a digital certificate.
9. The method of claim 1, wherein performing verification comprises verifying that said user is permitted to create new data resources in accordance with the predefined set of permissions.
10. The method of claim 1, wherein the user request comprises an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, the method further comprising:
verifying that said user is permitted to allow access to the data resource by external users;
responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
11. The method of claim 10, wherein the indication that the data resource is required to be accessible to one or more other users comprises identifying an annotation in the user request associated with said external user access, the method further comprising:
identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests, the annotation optionally being a URL path.
12. The method of claim 10, further comprising creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.
13. A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors of a data processing apparatus, causes the data processing apparatus to perform a method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, the method comprising:
receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user;
performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions;
responsive to verifying said user in accordance with the predetermined set of permissions:
creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
identifying one or more annotations in the data resource specification;
in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
14. The non-transitory computer-readable storage medium of claim 13, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to perform:
responsive to verifying said user, identifying one or more annotations in the data resource specification, associating an executable launch function appropriate to the or each identified annotation to the created data resource, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
15. The non-transitory computer-readable storage medium of claim 14, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the software platform controller to determine that the user has been verified prior to providing the launch function with said information.
16. The non-transitory computer-readable storage medium of claim 14, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the software platform controller to determine attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
17. The non-transitory computer-readable storage medium of claim 13, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to receive the secret information from a secure vault, external to the launch function and the software platform controller.
18. The non-transitory computer-readable storage medium of claim 17, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to receive the secret information from the software platform controller as a wrapped token, and to cause the launch function to query the secure server using the secret information to obtain the secret information.
US15/826,321 2017-10-04 2017-11-29 Controlling user creation of data resources on a data processing platform Active US10079832B1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US16/134,586 US10397229B2 (en) 2017-10-04 2018-09-18 Controlling user creation of data resources on a data processing platform
US16/430,900 US10735429B2 (en) 2017-10-04 2019-06-04 Controlling user creation of data resources on a data processing platform
US16/942,706 US20200358774A1 (en) 2017-10-04 2020-07-29 Controlling user creation of data resources on a data processing platform

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP17197000 2017-10-18
EP17197000.7A EP3467650B1 (en) 2017-10-04 2017-10-18 Controlling user creation of data resources on a data processing platform

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/134,586 Continuation US10397229B2 (en) 2017-10-04 2018-09-18 Controlling user creation of data resources on a data processing platform

Publications (1)

Publication Number Publication Date
US10079832B1 true US10079832B1 (en) 2018-09-18

Family

ID=63491146

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/826,321 Active US10079832B1 (en) 2017-10-04 2017-11-29 Controlling user creation of data resources on a data processing platform

Country Status (1)

Country Link
US (1) US10079832B1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3657346A1 (en) * 2018-11-22 2020-05-27 Palantir Technologies Inc. Providing external access to a processing platform
CN111290768A (en) * 2020-01-22 2020-06-16 北京百度网讯科技有限公司 Updating method, device, equipment and medium for containerization application system
US10761889B1 (en) 2019-09-18 2020-09-01 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US10817281B2 (en) * 2018-10-29 2020-10-27 Sap Se Packaged application resources for mobile applications
US10868887B2 (en) 2019-02-08 2020-12-15 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
CN113110917A (en) * 2021-04-28 2021-07-13 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113626134A (en) * 2021-06-29 2021-11-09 广东浪潮智慧计算技术有限公司 Resource replication method, device, equipment and computer readable storage medium
US20220012373A1 (en) * 2020-07-13 2022-01-13 Avaya Management L.P. Method to encrypt the data at rest for data residing on kubernetes persistent volumes
US11340947B2 (en) 2018-12-11 2022-05-24 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US11509650B2 (en) * 2020-02-05 2022-11-22 Unisys Corporation One-time password for secure share mapping
US11528194B2 (en) * 2019-09-06 2022-12-13 Jpmorgan Chase Bank, N.A. Enterprise control plane for data streaming service

Citations (116)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5978475A (en) 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
US6253203B1 (en) 1998-10-02 2001-06-26 Ncr Corporation Privacy-enhanced database
US20020112157A1 (en) 1997-09-22 2002-08-15 Proofspace, Inc. System and method for widely witnessed proof of time
US20040073814A1 (en) * 2002-05-30 2004-04-15 Shingo Miyazaki Access control system, device, and program
US6725240B1 (en) 2000-08-08 2004-04-20 International Business Machines Corporation Apparatus and method for protecting against data tampering in an audit subsystem
US20040123139A1 (en) 2002-12-18 2004-06-24 At&T Corp. System having filtering/monitoring of secure connections
US20040153418A1 (en) 2003-02-05 2004-08-05 Hanweck Gerald Alfred System and method for providing access to data from proprietary tools
US6807569B1 (en) 2000-09-12 2004-10-19 Science Applications International Corporation Trusted and anonymous system and method for sharing threat data to industry assets
US20040250124A1 (en) 2003-05-19 2004-12-09 Vsecure Technologies (Us) Inc. Dynamic network protection
WO2005010685A2 (en) 2003-07-18 2005-02-03 Corestreet, Ltd. Controlling access to an area
US20050157662A1 (en) 2004-01-20 2005-07-21 Justin Bingham Systems and methods for detecting a compromised network
US20050229256A2 (en) 2001-12-31 2005-10-13 Citadel Security Software Inc. Automated Computer Vulnerability Resolution System
US20050262556A1 (en) 2004-05-07 2005-11-24 Nicolas Waisman Methods and apparatus for computer network security using intrusion detection and prevention
US20050275638A1 (en) 2003-03-28 2005-12-15 Microsoft Corporation Dynamic feedback for gestures
US20060031928A1 (en) 2004-08-09 2006-02-09 Conley James W Detector and computerized method for determining an occurrence of tunneling activity
US7017046B2 (en) 1997-09-22 2006-03-21 Proofspace, Inc. System and method for graphical indicia for the certification of records
US20060069912A1 (en) 2003-05-30 2006-03-30 Yuliang Zheng Systems and methods for enhanced network security
US7069586B1 (en) 2000-04-03 2006-06-27 Software Secure, Inc. Securely executing an application on a computer system
US20060179003A1 (en) 2000-11-07 2006-08-10 Enfotrust Networks, Inc. Consumer-controlled limited and constrained access to a centrally stored information account
US20060212931A1 (en) 2005-03-02 2006-09-21 Markmonitor, Inc. Trust evaluation systems and methods
US20060218637A1 (en) 2005-03-24 2006-09-28 Microsoft Corporation System and method of selectively scanning a file on a computing device for malware
US20060265747A1 (en) 2002-03-08 2006-11-23 Ciphertrust, Inc. Systems and Methods For Message Threat Management
US20070074204A1 (en) * 2005-09-27 2007-03-29 Microsoft Corporation Upgrade and downgrade of data resource components
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US20070294766A1 (en) 2006-06-14 2007-12-20 Microsoft Corporation Enterprise threat modeling
US20080104407A1 (en) 2006-10-31 2008-05-01 Hewlett-Packard Development Company, L.P. Audit-log integrity using redactable signatures
US20080201580A1 (en) 2007-02-21 2008-08-21 Stephen Savitzky Trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes
US20080222706A1 (en) 2007-03-06 2008-09-11 Martin Renaud Globally aware authentication system
US20080229422A1 (en) 2007-03-14 2008-09-18 Microsoft Corporation Enterprise security assessment sharing
US20090103442A1 (en) 2007-09-28 2009-04-23 Richard Douville Communicating risk information within a multi-domain network
US20090228701A1 (en) 2008-03-04 2009-09-10 Industrial Technology Research Institute Logging system and method based on one-way hash function
US7596285B2 (en) 2004-02-26 2009-09-29 International Business Machines Corporation Providing a portion of an electronic mail message at a reduced resolution
US20090328222A1 (en) 2008-06-25 2009-12-31 Microsoft Corporation Mapping between users and machines in an enterprise security assessment sharing system
US20100077481A1 (en) 2008-09-22 2010-03-25 Microsoft Corporation Collecting and analyzing malware data
US20100100963A1 (en) 2008-10-21 2010-04-22 Flexilis, Inc. System and method for attack and malware prevention
CN101729531A (en) 2009-03-16 2010-06-09 中兴通讯股份有限公司 Method, device and system of distributing network safety strategies
US20100179831A1 (en) 2009-01-15 2010-07-15 International Business Machines Corporation Universal personal medical database access control
US7770032B2 (en) 2004-04-06 2010-08-03 Telecom Italia S.P.A. Secure logging for irrefutable administration
US20100235915A1 (en) 2009-03-12 2010-09-16 Nasir Memon Using host symptoms, host roles, and/or host reputation for detection of host infection
US7801871B2 (en) 2005-08-09 2010-09-21 Nexsan Technologies Canada Inc. Data archiving system
US20100262688A1 (en) 2009-01-21 2010-10-14 Daniar Hussain Systems, methods, and devices for detecting security vulnerabilities in ip networks
US20100309510A1 (en) * 2009-06-09 2010-12-09 Accipiter Innovations, Llc Systems, methods and devices for printing from a mobile device
US20100325159A1 (en) * 2009-06-17 2010-12-23 Microsoft Corporation Model-based implied authorization
US20100330801A1 (en) 2009-06-26 2010-12-30 Hynix Semiconductor Inc. Method of Fabricating Landing Plug in Semiconductor Device
US20110060910A1 (en) 2009-09-08 2011-03-10 Gormish Michael J Device enabled verifiable stroke and image based workflows
US20110126127A1 (en) * 2009-11-23 2011-05-26 Foresight Imaging LLC System and method for collaboratively communicating on images and saving those communications and images in a standard known format
US7962495B2 (en) 2006-11-20 2011-06-14 Palantir Technologies, Inc. Creating data in a data store using a dynamic ontology
US20110202555A1 (en) 2010-01-28 2011-08-18 IT.COM, Inc. Graphical User Interfaces Supporting Method And System For Electronic Discovery Using Social Network Analysis
US20110219450A1 (en) 2010-03-08 2011-09-08 Raytheon Company System And Method For Malware Detection
US8141036B2 (en) * 2005-07-07 2012-03-20 Oracle International Corporation Customized annotation editing
US20120079592A1 (en) 2010-09-24 2012-03-29 Verisign, Inc. Ip prioritization and scoring system for ddos detection and mitigation
US20120084866A1 (en) 2007-06-12 2012-04-05 Stolfo Salvatore J Methods, systems, and media for measuring computer security
US20120110633A1 (en) 2010-10-29 2012-05-03 Electronics And Telecommunications Research Institute Apparatus for sharing security information among network domains and method thereof
US20120110674A1 (en) 2010-09-22 2012-05-03 Rohyt Belani Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms
US8181253B1 (en) 2011-04-19 2012-05-15 Kaspersky Lab Zao System and method for reducing security risk in computer network
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US8196184B2 (en) 2007-02-16 2012-06-05 Microsoft Corporation Efficient data structures for multi-dimensional security
US20120169593A1 (en) 2011-01-05 2012-07-05 Research In Motion Limited Definition and handling of user input events in a web browser
US8239668B1 (en) 2009-04-15 2012-08-07 Trend Micro Incorporated Computer security threat data collection and aggregation with user privacy protection
US20120218305A1 (en) 2011-02-24 2012-08-30 Google Inc. Systems and Methods for Manipulating User Annotations in Electronic Books
US20120254129A1 (en) 2011-04-02 2012-10-04 Recursion Software, Inc. System and method for managing sensitive data using intelligent mobile agents on a network
US8301904B1 (en) 2008-06-24 2012-10-30 Mcafee, Inc. System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
US20120284791A1 (en) 2011-05-06 2012-11-08 The Penn State Research Foundation Robust anomaly detection and regularized domain adaptation of classifiers with application to internet packet-flows
US8312546B2 (en) 2007-04-23 2012-11-13 Mcafee, Inc. Systems, apparatus, and methods for detecting malware
US20120330801A1 (en) 2011-06-27 2012-12-27 Raytheon Company Distributed Malware Detection
US20130019306A1 (en) 2011-07-12 2013-01-17 At&T Intellectual Property I, L.P. Remote-Assisted Malware Detection
US8392902B2 (en) * 2007-10-24 2013-03-05 Siemens Aktiengesellschaft Upgrading software applications offline using a virtual machine
US20130097709A1 (en) 2011-10-18 2013-04-18 Mcafee, Inc. User behavioral risk assessment
US20130110876A1 (en) 2011-10-28 2013-05-02 Microsoft Corporation Permission based query processing
US20130139268A1 (en) 2011-11-28 2013-05-30 Electronics And Telecommunications Research Institute Agent apparatus and method for sharing anonymous identifier-based security information among security management domains
US20130211911A1 (en) * 2012-02-09 2013-08-15 Mark Krietzman Permissioned use predictive interactions
CN103281301A (en) 2013-04-28 2013-09-04 上海海事大学 System and method for judging cloud safety malicious program
US20130239217A1 (en) 2012-03-07 2013-09-12 Cleanport, BV System, Method and Computer Program Product for Determining a Person's Aggregate Online Risk Score
US20130247142A1 (en) * 2010-11-09 2013-09-19 Toshiba Solutions Corporation Authentication federation system and id provider device
US20140013451A1 (en) 2012-07-06 2014-01-09 Sap Ag Data obfuscation for open data (odata) communications
US8646080B2 (en) 2005-09-16 2014-02-04 Avg Technologies Cy Limited Method and apparatus for removing harmful software
US20140059683A1 (en) 2012-08-22 2014-02-27 International Business Machines Corporation Cooperative intrusion detection ecosystem for IP reputation-based security
US8667456B1 (en) * 2011-04-20 2014-03-04 Google Inc. Cloud-based indexing for integrated development environments
US8683322B1 (en) 2010-02-10 2014-03-25 Socialware, Inc. Method, system and computer program product for structuring unstructured data originating from uncontrolled web application
US20140123279A1 (en) 2012-10-29 2014-05-01 Michael G. Bishop Dynamic quarantining for malware detection
US20140129550A1 (en) * 2012-11-06 2014-05-08 Rockwell Automation Technologies, Inc. Content management
US8726379B1 (en) 2011-07-15 2014-05-13 Norse Corporation Systems and methods for dynamic protection from electronic attacks
US20140143009A1 (en) 2012-11-16 2014-05-22 International Business Machines Corporation Risk reward estimation for company-country pairs
US20140165038A1 (en) * 2012-12-12 2014-06-12 Microsoft Corporation Analysis of propagated information using annotated forests
US20140173712A1 (en) 2012-12-18 2014-06-19 Verizon Patent And Licensing Inc. Network security system with customizable rule-based analytics engine for identifying application layer violations
US20140173738A1 (en) 2012-12-18 2014-06-19 Michael Condry User device security profile
US8769412B2 (en) 2009-11-20 2014-07-01 Alert Enterprise, Inc. Method and apparatus for risk visualization and remediation
US20140188895A1 (en) 2012-12-28 2014-07-03 Microsoft Corporation Detecting anomalies in behavioral network with contextual side information
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US20140229422A1 (en) 2013-02-13 2014-08-14 Namit Jain Hive table links
US20140283107A1 (en) 2013-03-14 2014-09-18 Appsense Limited Secure data management
US8931043B2 (en) 2012-04-10 2015-01-06 Mcafee Inc. System and method for determining and using local reputations of users and hosts to protect information in a network environment
US20150039565A1 (en) 2013-08-01 2015-02-05 Actiance, Inc. Unified context-aware content archive system
US9021260B1 (en) 2014-07-03 2015-04-28 Palantir Technologies Inc. Malware data item analysis
US20150128274A1 (en) 2013-11-04 2015-05-07 Crypteia Networks S.A. System and method for identifying infected networks and systems from unknown attacks
US20150134600A1 (en) * 2013-11-11 2015-05-14 Amazon Technologies, Inc. Document management and collaboration system
US9049117B1 (en) 2009-10-21 2015-06-02 Narus, Inc. System and method for collecting and processing information of an internet user via IP-web correlation
US20150188715A1 (en) 2013-12-30 2015-07-02 Palantir Technologies, Inc. Verifiable redactable audit log
EP2892197A1 (en) 2014-01-03 2015-07-08 Palantir Technologies, Inc. IP reputation
US20150200948A1 (en) * 2012-04-23 2015-07-16 Google Inc. Controlling Access by Web Applications to Resources on Servers
US20150229664A1 (en) 2014-02-13 2015-08-13 Trevor Tyler HAWTHORN Assessing security risks of users in a computing network
NL2011642C2 (en) 2012-10-22 2015-08-25 Palantir Technologies Sharing data between nexuses that use different classification schemes for data access control.
US20150248563A1 (en) 2014-03-03 2015-09-03 International Business Machines Corporation Requesting instant messaging history by validated parties
US20150278311A1 (en) * 2013-02-27 2015-10-01 Hitachi Data Systems Corporation Content class for object storage indexing system
US20150286665A1 (en) * 2013-02-27 2015-10-08 Hitachi Data Systems Corporation Multiple collections of user-defined metadata for self-describing objects
US20150312188A1 (en) * 2014-04-23 2015-10-29 Actiance, Inc. Distributed policy enforcement for enterprise communications
US20150326601A1 (en) 2014-05-10 2015-11-12 Informatica Corporation Assessment type-variable enterprise security impact analysis
EP2963578A1 (en) 2014-07-03 2016-01-06 Palantir Technologies, Inc. Malware data item analysis
EP2985974A1 (en) 2014-08-13 2016-02-17 Palantir Technologies, Inc. Malicious tunneling handling system
US9335897B2 (en) 2013-08-08 2016-05-10 Palantir Technologies Inc. Long click display of a context menu
US20160182309A1 (en) * 2014-12-22 2016-06-23 Rockwell Automation Technologies, Inc. Cloud-based emulation and modeling for automation systems
US9514327B2 (en) * 2013-11-14 2016-12-06 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US20170091466A1 (en) * 2012-04-27 2017-03-30 Intralinks, Inc. System and method for managing collaboration in a networked secure exchange environment
US20170185715A9 (en) * 2013-03-15 2017-06-29 Douglas K. Smith Federated Collaborative Medical Records System Utilizing Cloud Computing Network and Methods
US9721117B2 (en) * 2014-09-19 2017-08-01 Oracle International Corporation Shared identity management (IDM) integration in a multi-tenant computing environment
US20180024975A1 (en) * 2016-07-22 2018-01-25 Conduent Business Services, Llc Methods and systems for managing annotations within applications and websites

Patent Citations (127)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5978475A (en) 1997-07-18 1999-11-02 Counterpane Internet Security, Inc. Event auditing system
US20020112157A1 (en) 1997-09-22 2002-08-15 Proofspace, Inc. System and method for widely witnessed proof of time
US7017046B2 (en) 1997-09-22 2006-03-21 Proofspace, Inc. System and method for graphical indicia for the certification of records
US6253203B1 (en) 1998-10-02 2001-06-26 Ncr Corporation Privacy-enhanced database
US7069586B1 (en) 2000-04-03 2006-06-27 Software Secure, Inc. Securely executing an application on a computer system
US6725240B1 (en) 2000-08-08 2004-04-20 International Business Machines Corporation Apparatus and method for protecting against data tampering in an audit subsystem
US6807569B1 (en) 2000-09-12 2004-10-19 Science Applications International Corporation Trusted and anonymous system and method for sharing threat data to industry assets
US20060179003A1 (en) 2000-11-07 2006-08-10 Enfotrust Networks, Inc. Consumer-controlled limited and constrained access to a centrally stored information account
US20050229256A2 (en) 2001-12-31 2005-10-13 Citadel Security Software Inc. Automated Computer Vulnerability Resolution System
US20060265747A1 (en) 2002-03-08 2006-11-23 Ciphertrust, Inc. Systems and Methods For Message Threat Management
US20040073814A1 (en) * 2002-05-30 2004-04-15 Shingo Miyazaki Access control system, device, and program
US20040123139A1 (en) 2002-12-18 2004-06-24 At&T Corp. System having filtering/monitoring of secure connections
US20040153418A1 (en) 2003-02-05 2004-08-05 Hanweck Gerald Alfred System and method for providing access to data from proprietary tools
US20050275638A1 (en) 2003-03-28 2005-12-15 Microsoft Corporation Dynamic feedback for gestures
US20040250124A1 (en) 2003-05-19 2004-12-09 Vsecure Technologies (Us) Inc. Dynamic network protection
US20060069912A1 (en) 2003-05-30 2006-03-30 Yuliang Zheng Systems and methods for enhanced network security
WO2005010685A2 (en) 2003-07-18 2005-02-03 Corestreet, Ltd. Controlling access to an area
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US20050157662A1 (en) 2004-01-20 2005-07-21 Justin Bingham Systems and methods for detecting a compromised network
US7596285B2 (en) 2004-02-26 2009-09-29 International Business Machines Corporation Providing a portion of an electronic mail message at a reduced resolution
US7770032B2 (en) 2004-04-06 2010-08-03 Telecom Italia S.P.A. Secure logging for irrefutable administration
US7225468B2 (en) 2004-05-07 2007-05-29 Digital Security Networks, Llc Methods and apparatus for computer network security using intrusion detection and prevention
US20050262556A1 (en) 2004-05-07 2005-11-24 Nicolas Waisman Methods and apparatus for computer network security using intrusion detection and prevention
US20060031928A1 (en) 2004-08-09 2006-02-09 Conley James W Detector and computerized method for determining an occurrence of tunneling activity
US20060212931A1 (en) 2005-03-02 2006-09-21 Markmonitor, Inc. Trust evaluation systems and methods
US20060218637A1 (en) 2005-03-24 2006-09-28 Microsoft Corporation System and method of selectively scanning a file on a computing device for malware
US8141036B2 (en) * 2005-07-07 2012-03-20 Oracle International Corporation Customized annotation editing
US7801871B2 (en) 2005-08-09 2010-09-21 Nexsan Technologies Canada Inc. Data archiving system
US8646080B2 (en) 2005-09-16 2014-02-04 Avg Technologies Cy Limited Method and apparatus for removing harmful software
US20070074204A1 (en) * 2005-09-27 2007-03-29 Microsoft Corporation Upgrade and downgrade of data resource components
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US20070294766A1 (en) 2006-06-14 2007-12-20 Microsoft Corporation Enterprise threat modeling
US20080104407A1 (en) 2006-10-31 2008-05-01 Hewlett-Packard Development Company, L.P. Audit-log integrity using redactable signatures
US7962495B2 (en) 2006-11-20 2011-06-14 Palantir Technologies, Inc. Creating data in a data store using a dynamic ontology
US8196184B2 (en) 2007-02-16 2012-06-05 Microsoft Corporation Efficient data structures for multi-dimensional security
EP1962222A2 (en) 2007-02-21 2008-08-27 Ricoh Company, Ltd. Trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes
US20080201580A1 (en) 2007-02-21 2008-08-21 Stephen Savitzky Trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes
US20080222706A1 (en) 2007-03-06 2008-09-11 Martin Renaud Globally aware authentication system
US20080229422A1 (en) 2007-03-14 2008-09-18 Microsoft Corporation Enterprise security assessment sharing
US8312546B2 (en) 2007-04-23 2012-11-13 Mcafee, Inc. Systems, apparatus, and methods for detecting malware
US20120084866A1 (en) 2007-06-12 2012-04-05 Stolfo Salvatore J Methods, systems, and media for measuring computer security
US20090103442A1 (en) 2007-09-28 2009-04-23 Richard Douville Communicating risk information within a multi-domain network
US8392902B2 (en) * 2007-10-24 2013-03-05 Siemens Aktiengesellschaft Upgrading software applications offline using a virtual machine
US20090228701A1 (en) 2008-03-04 2009-09-10 Industrial Technology Research Institute Logging system and method based on one-way hash function
US8301904B1 (en) 2008-06-24 2012-10-30 Mcafee, Inc. System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
US20090328222A1 (en) 2008-06-25 2009-12-31 Microsoft Corporation Mapping between users and machines in an enterprise security assessment sharing system
US20100077481A1 (en) 2008-09-22 2010-03-25 Microsoft Corporation Collecting and analyzing malware data
US20100100963A1 (en) 2008-10-21 2010-04-22 Flexilis, Inc. System and method for attack and malware prevention
US20100179831A1 (en) 2009-01-15 2010-07-15 International Business Machines Corporation Universal personal medical database access control
US20100262688A1 (en) 2009-01-21 2010-10-14 Daniar Hussain Systems, methods, and devices for detecting security vulnerabilities in ip networks
US20100235915A1 (en) 2009-03-12 2010-09-16 Nasir Memon Using host symptoms, host roles, and/or host reputation for detection of host infection
CN101729531A (en) 2009-03-16 2010-06-09 中兴通讯股份有限公司 Method, device and system of distributing network safety strategies
US8239668B1 (en) 2009-04-15 2012-08-07 Trend Micro Incorporated Computer security threat data collection and aggregation with user privacy protection
US20100309510A1 (en) * 2009-06-09 2010-12-09 Accipiter Innovations, Llc Systems, methods and devices for printing from a mobile device
US20100325159A1 (en) * 2009-06-17 2010-12-23 Microsoft Corporation Model-based implied authorization
US20100330801A1 (en) 2009-06-26 2010-12-30 Hynix Semiconductor Inc. Method of Fabricating Landing Plug in Semiconductor Device
US20110060910A1 (en) 2009-09-08 2011-03-10 Gormish Michael J Device enabled verifiable stroke and image based workflows
US9049117B1 (en) 2009-10-21 2015-06-02 Narus, Inc. System and method for collecting and processing information of an internet user via IP-web correlation
US8769412B2 (en) 2009-11-20 2014-07-01 Alert Enterprise, Inc. Method and apparatus for risk visualization and remediation
US20110126127A1 (en) * 2009-11-23 2011-05-26 Foresight Imaging LLC System and method for collaboratively communicating on images and saving those communications and images in a standard known format
US20110202555A1 (en) 2010-01-28 2011-08-18 IT.COM, Inc. Graphical User Interfaces Supporting Method And System For Electronic Discovery Using Social Network Analysis
US8683322B1 (en) 2010-02-10 2014-03-25 Socialware, Inc. Method, system and computer program product for structuring unstructured data originating from uncontrolled web application
US20110219450A1 (en) 2010-03-08 2011-09-08 Raytheon Company System And Method For Malware Detection
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US20120110674A1 (en) 2010-09-22 2012-05-03 Rohyt Belani Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms
US20120079592A1 (en) 2010-09-24 2012-03-29 Verisign, Inc. Ip prioritization and scoring system for ddos detection and mitigation
US20120110633A1 (en) 2010-10-29 2012-05-03 Electronics And Telecommunications Research Institute Apparatus for sharing security information among network domains and method thereof
US20130247142A1 (en) * 2010-11-09 2013-09-19 Toshiba Solutions Corporation Authentication federation system and id provider device
US20120169593A1 (en) 2011-01-05 2012-07-05 Research In Motion Limited Definition and handling of user input events in a web browser
US20120218305A1 (en) 2011-02-24 2012-08-30 Google Inc. Systems and Methods for Manipulating User Annotations in Electronic Books
US20120254129A1 (en) 2011-04-02 2012-10-04 Recursion Software, Inc. System and method for managing sensitive data using intelligent mobile agents on a network
US8181253B1 (en) 2011-04-19 2012-05-15 Kaspersky Lab Zao System and method for reducing security risk in computer network
US8667456B1 (en) * 2011-04-20 2014-03-04 Google Inc. Cloud-based indexing for integrated development environments
US20120284791A1 (en) 2011-05-06 2012-11-08 The Penn State Research Foundation Robust anomaly detection and regularized domain adaptation of classifiers with application to internet packet-flows
US20120330801A1 (en) 2011-06-27 2012-12-27 Raytheon Company Distributed Malware Detection
US20130019306A1 (en) 2011-07-12 2013-01-17 At&T Intellectual Property I, L.P. Remote-Assisted Malware Detection
US20140366132A1 (en) 2011-07-15 2014-12-11 Norse Corporation Systems and Methods for Dynamic Protection from Electronic Attacks
US8726379B1 (en) 2011-07-15 2014-05-13 Norse Corporation Systems and methods for dynamic protection from electronic attacks
US20130097709A1 (en) 2011-10-18 2013-04-18 Mcafee, Inc. User behavioral risk assessment
US20130110876A1 (en) 2011-10-28 2013-05-02 Microsoft Corporation Permission based query processing
US20130139268A1 (en) 2011-11-28 2013-05-30 Electronics And Telecommunications Research Institute Agent apparatus and method for sharing anonymous identifier-based security information among security management domains
US20130211911A1 (en) * 2012-02-09 2013-08-15 Mark Krietzman Permissioned use predictive interactions
US20130239217A1 (en) 2012-03-07 2013-09-12 Cleanport, BV System, Method and Computer Program Product for Determining a Person's Aggregate Online Risk Score
US8931043B2 (en) 2012-04-10 2015-01-06 Mcafee Inc. System and method for determining and using local reputations of users and hosts to protect information in a network environment
US20150200948A1 (en) * 2012-04-23 2015-07-16 Google Inc. Controlling Access by Web Applications to Resources on Servers
US20170091466A1 (en) * 2012-04-27 2017-03-30 Intralinks, Inc. System and method for managing collaboration in a networked secure exchange environment
US20140013451A1 (en) 2012-07-06 2014-01-09 Sap Ag Data obfuscation for open data (odata) communications
US20140059683A1 (en) 2012-08-22 2014-02-27 International Business Machines Corporation Cooperative intrusion detection ecosystem for IP reputation-based security
NL2011642C2 (en) 2012-10-22 2015-08-25 Palantir Technologies Sharing data between nexuses that use different classification schemes for data access control.
US20150261847A1 (en) 2012-10-22 2015-09-17 Palantir Technologies, Inc. Sharing information between nexuses that use different classification schemes for information access control
US20140123279A1 (en) 2012-10-29 2014-05-01 Michael G. Bishop Dynamic quarantining for malware detection
US20140129550A1 (en) * 2012-11-06 2014-05-08 Rockwell Automation Technologies, Inc. Content management
US20140143009A1 (en) 2012-11-16 2014-05-22 International Business Machines Corporation Risk reward estimation for company-country pairs
US20140165038A1 (en) * 2012-12-12 2014-06-12 Microsoft Corporation Analysis of propagated information using annotated forests
US20140173712A1 (en) 2012-12-18 2014-06-19 Verizon Patent And Licensing Inc. Network security system with customizable rule-based analytics engine for identifying application layer violations
US20140173738A1 (en) 2012-12-18 2014-06-19 Michael Condry User device security profile
US20140188895A1 (en) 2012-12-28 2014-07-03 Microsoft Corporation Detecting anomalies in behavioral network with contextual side information
US20140229422A1 (en) 2013-02-13 2014-08-14 Namit Jain Hive table links
US20150278311A1 (en) * 2013-02-27 2015-10-01 Hitachi Data Systems Corporation Content class for object storage indexing system
US20170192986A1 (en) * 2013-02-27 2017-07-06 Hitachi Data Systems Corporation Content class for object storage indexing system
US20150286665A1 (en) * 2013-02-27 2015-10-08 Hitachi Data Systems Corporation Multiple collections of user-defined metadata for self-describing objects
US20140283107A1 (en) 2013-03-14 2014-09-18 Appsense Limited Secure data management
US20170185715A9 (en) * 2013-03-15 2017-06-29 Douglas K. Smith Federated Collaborative Medical Records System Utilizing Cloud Computing Network and Methods
CN103281301A (en) 2013-04-28 2013-09-04 上海海事大学 System and method for judging cloud safety malicious program
US20150039565A1 (en) 2013-08-01 2015-02-05 Actiance, Inc. Unified context-aware content archive system
US9335897B2 (en) 2013-08-08 2016-05-10 Palantir Technologies Inc. Long click display of a context menu
US20150128274A1 (en) 2013-11-04 2015-05-07 Crypteia Networks S.A. System and method for identifying infected networks and systems from unknown attacks
US20150134600A1 (en) * 2013-11-11 2015-05-14 Amazon Technologies, Inc. Document management and collaboration system
US9514327B2 (en) * 2013-11-14 2016-12-06 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
US9338013B2 (en) 2013-12-30 2016-05-10 Palantir Technologies Inc. Verifiable redactable audit log
US20150188715A1 (en) 2013-12-30 2015-07-02 Palantir Technologies, Inc. Verifiable redactable audit log
EP2897051A2 (en) 2013-12-30 2015-07-22 Palantir Technologies, Inc. Verifiable audit log
EP2892197A1 (en) 2014-01-03 2015-07-08 Palantir Technologies, Inc. IP reputation
US20160028759A1 (en) 2014-01-03 2016-01-28 Palantir Technologies Inc. System and method for evaluating network threats and usage
US9100428B1 (en) 2014-01-03 2015-08-04 Palantir Technologies Inc. System and method for evaluating network threats
US20150229664A1 (en) 2014-02-13 2015-08-13 Trevor Tyler HAWTHORN Assessing security risks of users in a computing network
US20150248563A1 (en) 2014-03-03 2015-09-03 International Business Machines Corporation Requesting instant messaging history by validated parties
US20150312188A1 (en) * 2014-04-23 2015-10-29 Actiance, Inc. Distributed policy enforcement for enterprise communications
US20150326601A1 (en) 2014-05-10 2015-11-12 Informatica Corporation Assessment type-variable enterprise security impact analysis
US20160004864A1 (en) 2014-07-03 2016-01-07 Palantir Technologies Inc. Malware data item analysis
EP2963578A1 (en) 2014-07-03 2016-01-06 Palantir Technologies, Inc. Malware data item analysis
US9021260B1 (en) 2014-07-03 2015-04-28 Palantir Technologies Inc. Malware data item analysis
EP2985974A1 (en) 2014-08-13 2016-02-17 Palantir Technologies, Inc. Malicious tunneling handling system
US9721117B2 (en) * 2014-09-19 2017-08-01 Oracle International Corporation Shared identity management (IDM) integration in a multi-tenant computing environment
US20170323117A1 (en) * 2014-09-19 2017-11-09 Oracle International Corporation Shared identity management (idm) integration in a multi-tenant computing environment
US20160182309A1 (en) * 2014-12-22 2016-06-23 Rockwell Automation Technologies, Inc. Cloud-based emulation and modeling for automation systems
US20180024975A1 (en) * 2016-07-22 2018-01-25 Conduent Business Services, Llc Methods and systems for managing annotations within applications and websites

Non-Patent Citations (16)

* Cited by examiner, † Cited by third party
Title
Baker et al., "The Development of a Common Enumeration of Vulnerabilities and Exposures," Presented at the Second International Workshop on Recent Advances in Intrusion Detection, Sep. 7-9, 1999, pp. 35.
Bhuyan et al., "Network Anomaly Detection: Methods, Systems and Tools," First Quarter 2014, IEEE.
Crosby et al., "Efficient Data Structures for Tamper-Evident Logging," Department of Computer Science, Rice University, 2009, pp. 17.
FireEye, <http://www.fireeye.com/> Printed Jun. 30, 2014 in 2 pages.
FireEye-Products and Solutions Overview, <http://www.fireeye.com/products-and-solutions> Printed Jun. 30, 2014 in 3 pages.
FireEye—Products and Solutions Overview, <http://www.fireeye.com/products-and-solutions> Printed Jun. 30, 2014 in 3 pages.
Glaab et al., "EnrichNet: Network-Based Gene Set Enrichment Analysis," Bioinformatics 28.18 (2012): pp. i451-i457.
Hur et al., "SciMiner: web-based literature mining tool for target identification and functional enrichment analysis," Bioinformatics 25.6 (2009): pp. 838-840.
Lee et al., "A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions," Lecture Notes in Computer Science, vol. 1907 Nov. 11, 2000, pp. 49-65.
Ma et al., "A New Approach to Secure Logging," ACM Transactions on Storage, vol. 5, No. 1, Article 2, Published Mar. 2009, 21 pages.
Schneier et al., "Automatic Event Stream Notarization Using Digital Signatures," Security Protocols, International Workshop Apr. 1996 Proceedings, Springer-Veriag, 1997, pp. 155-169, https://schneier.com/paper-event-stream.pdf.
Schneier et al., "Cryptographic Support for Secure Logs on Untrusted Machines," The Seventh USENIX Security Symposium Proceedings, USENIX Press, Jan. 1998, pp. 53-62, https://www.schneier.com/paper-secure-logs.pdf.
VirusTotal-About, <http://www.virustotal.com/en/about/> Printed Jun. 30, 2014 in 8 pages.
VirusTotal—About, <http://www.virustotal.com/en/about/> Printed Jun. 30, 2014 in 8 pages.
Waters et al., "Building an Encrypted and Searchable Audit Log," Published Jan. 9, 2004, 11 pages, http://www.parc.com/content/attachments/building_encrypted_searchable_5059_parc.pdf.
Zheng et al., "GOEAST: a web-based software toolkit for Gene Ontology enrichment analysis," Nucleic acids research 36.suppl 2 (2008): pp. W385-W363.

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10817281B2 (en) * 2018-10-29 2020-10-27 Sap Se Packaged application resources for mobile applications
EP3657346A1 (en) * 2018-11-22 2020-05-27 Palantir Technologies Inc. Providing external access to a processing platform
US11449333B2 (en) * 2018-11-22 2022-09-20 Palantir Technologies Inc. Providing external access to a processing platform
US10719313B2 (en) * 2018-11-22 2020-07-21 Palantir Technologies Inc. Providing external access to a processing platform
US11340947B2 (en) 2018-12-11 2022-05-24 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US10868887B2 (en) 2019-02-08 2020-12-15 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US11943319B2 (en) 2019-02-08 2024-03-26 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US11683394B2 (en) 2019-02-08 2023-06-20 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US11528194B2 (en) * 2019-09-06 2022-12-13 Jpmorgan Chase Bank, N.A. Enterprise control plane for data streaming service
US10761889B1 (en) 2019-09-18 2020-09-01 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US11567801B2 (en) 2019-09-18 2023-01-31 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
CN111290768A (en) * 2020-01-22 2020-06-16 北京百度网讯科技有限公司 Updating method, device, equipment and medium for containerization application system
CN111290768B (en) * 2020-01-22 2023-10-20 北京百度网讯科技有限公司 Updating method, device, equipment and medium of containerized application system
US11509650B2 (en) * 2020-02-05 2022-11-22 Unisys Corporation One-time password for secure share mapping
US11501026B2 (en) * 2020-07-13 2022-11-15 Avaya Management L.P. Method to encrypt the data at rest for data residing on Kubernetes persistent volumes
US20220012373A1 (en) * 2020-07-13 2022-01-13 Avaya Management L.P. Method to encrypt the data at rest for data residing on kubernetes persistent volumes
CN113110917A (en) * 2021-04-28 2021-07-13 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113110917B (en) * 2021-04-28 2024-03-15 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113626134B (en) * 2021-06-29 2024-02-13 广东浪潮智慧计算技术有限公司 Resource replication method, device, equipment and computer readable storage medium
CN113626134A (en) * 2021-06-29 2021-11-09 广东浪潮智慧计算技术有限公司 Resource replication method, device, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
US10735429B2 (en) Controlling user creation of data resources on a data processing platform
US10079832B1 (en) Controlling user creation of data resources on a data processing platform
CN108810006B (en) Resource access method, device, equipment and storage medium
US20190305959A1 (en) Announcement smart contracts to announce software release
US20190303579A1 (en) Decentralized, immutable, tamper-evident, directed acyclic graphs documenting software supply-chains with cryptographically signed records of software-development life cycle state and cryptographic digests of executable code
US20190303541A1 (en) Auditing smart contracts configured to manage and document software audits
US20190303623A1 (en) Promotion smart contracts for software development processes
US20190305957A1 (en) Execution smart contracts configured to establish trustworthiness of code before execution
US20190306173A1 (en) Alert smart contracts configured to manage and respond to alerts related to code
CN113711536A (en) Extracting data from a blockchain network
CN113302609A (en) Detecting inappropriate activity in the presence of unauthenticated API requests using artificial intelligence
US10397213B2 (en) Systems, methods, and software to provide access control in cloud computing environments
US10691822B1 (en) Policy validation management
US20190229922A1 (en) Authentication and authorization using tokens with action identification
US10270757B2 (en) Managing exchanges of sensitive data
US9934310B2 (en) Determining repeat website users via browser uniqueness tracking
US10404689B2 (en) Password security
US20190386968A1 (en) Method to securely broker trusted distributed task contracts
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
US9355232B2 (en) Methods for governing the disclosure of restricted data
CN112132576B (en) Payment information processing method based on block chain communication and block chain information platform
US9858423B2 (en) Application modification based on a security vulnerability
US20240020299A1 (en) Api management for batch processing
US20240126530A1 (en) Software compliance management for hybrid environment
US20230267684A1 (en) Generating training data through image augmentation

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4